ApacheNetworking & SecurityWeb Server

Modsecurity rule execution error - PCRE limits exceeded

If you are getting following mod_security error in the Apache error logs

[Mon Jun 11 16:54:50 2011] [error] [client] ModSecurity: Rule 8269d10 [id "-"][file "/usr/local/apache/conf/modsec2.user.conf"][line "763"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.example.com"] [uri "/wp-content/themes/daily/timthumb.php"] [unique_id "T9YUytXlXKcADxXq-WUAAAAg"]

then to get rid of the error you will have to make some server side changes as the above rule can not be excluded for single domain on the server.

1) Login to the server as a root user from shell.

2) Go to Apache configuration directory

cd /usr/local/apache/conf

3) Create a new file

touch pcre_modsecurity_exceeded_limits.conf

4) Add the following contents by editing the above file using any editor like vi

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

5) Change the permission of the file to 600

chmod 600 /usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf

6) Open the mod_security file containing rules

vi /usr/local/apache/conf/modsec2.user.conf

7) Locate the line

<IfModule mod_security2.c>

8 ) Add the below line above the line located at step 7 and save the file.

Include "/usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf"

9) Make a configuration test before restarting Apache service

/etc/init.d/httpd configtest

10) If there is no syntax then restart Apache service

 If any feedback, queries are always welcome!

Abhijit Sandhan

Love to Automate, Blog, Travel, Hike & spread Knowledge!

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button