Modsecurity rule execution error - PCRE limits exceeded

If you are getting following mod_security error in the Apache error logs

[Mon Jun 11 16:54:50 2011] [error] [client 171.235.170.226] ModSecurity: Rule 8269d10 [id "-"][file "/usr/local/apache/conf/modsec2.user.conf"][line "763"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.example.com"] [uri "/wp-content/themes/daily/timthumb.php"] [unique_id "T9YUytXlXKcADxXq-WUAAAAg"]

then to get rid of the error you will have to make some server side changes as the above rule can not be excluded for single domain on the server.

1) Login to the server as a root user from shell.

2) Go to Apache configuration directory

cd /usr/local/apache/conf

3) Create a new file

touch pcre_modsecurity_exceeded_limits.conf

4) Add the following contents by editing the above file using any editor like vi

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

5) Change the permission of the file to 600

chmod 600 /usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf

6) Open the mod_security file containing rules

vi /usr/local/apache/conf/modsec2.user.conf

7) Locate the line

<IfModule mod_security2.c>

8 ) Add the below line above the line located at step 7 and save the file.

Include "/usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf"

9) Make a configuration test before restarting Apache service

/etc/init.d/httpd configtest

10) If there is no syntax then restart Apache service

 If any feedback, queries are always welcome!

Share on Facebook3
Share on Google+5Tweet about this on TwitterShare on StumbleUpon0Share on LinkedIn0Share on Tumblr0Digg thisPin on Pinterest0Share on Reddit0Email this to someonePrint this page
If you are getting following mod_security error in the Apache error logs [Mon Jun 11 16:54:50 2011] [error] [client 171.235.170.226] ModSecurity: Rule 8269d10 [id "-"][file "/usr/local/apache/conf/modsec2.user.conf"][line "763"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.example.com"] [uri "/wp-content/themes/daily/timthumb.php"] [unique_id "T9YUytXlXKcADxXq-WUAAAAg"] then to get rid of the error you will have to make some server side changes as the above rule can not be excluded for single domain on the server. 1) Login to the server as a root user from shell. 2) Go to Apache configuration directory cd /usr/local/apache/conf 3) Create a new file touch pcre_modsecurity_exceeded_limits.conf 4) Add…

Review Overview

User Rating: Be the first one !

About Abhijit Sandhan

Abhijit Sandhan
Loves Linux, Blogging, Traveling, Hiking and sharing knowledge!

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA