Webhosting Blog

ModSecurity: Rule execution error – PCRE limits exceeded (-8)


After browsing site you get a blank page and the Apache error logs display following error logs

[Tue Jul 06 12:15:37 2010] [error] [client XX.XX.XX.XX] ModSecurity: Rule execution error – PCRE limits exceeded (-8): (null). [hostname “www.test.com”] [uri “/forum/login.php”] [unique_id “TDMQWW3LaKoAAGiQ0EYAAAAP”]

In order to solve this error follow following steps:

1) Login to the server as root.

2)Go to directory /usr/local/apache/conf.

[root@server~] # cd /usr/local/apache/conf

3)Create a file pcre_modsecurity_exceeded_limits.conf and insert following lines in it.

[root@server conf]# vi pcre_modsecurity_exceeded_limits.conf

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

4) Save and quit the file.

5) Please ensure the permissions assigned for the file are 600.

[root@server ~]# chmod 600 /usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf

6) Now open the file /usr/local/apachec/conf/modsec2.user.conf .

[root@server ~]# vi /usr/local/apachec/conf/modsec2.user.conf

7)Locate the line “<IfModule mod_security2.c>

8 ) Add following line just below the above mentioned line.

Include “/usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf”

9)Save and quit the file.

10) Now just restart your apache and mysql service. The issue should be fixed now.

Advertisements

4 responses

  1. good information. Keep it up. thanks.

    December 27, 2010 at 7:05 pm

  2. Pingback: 2010 in review « Linux Blog

  3. omar

    hi @ all…
    i’m just surfing the web just to see if someone had encountered this issue like me…
    i’ve just seen that many peoples got it but all can resolve and I can’t?
    why i cant?

    is the centos noob release?
    is noob_security?

    The steps ever mentioned are:

    1) php.ini tuning a values
    2) adding a PCRE limit in main.shit.conf

    and WHY I CANT RESOLVE?

    thank you in advance

    Message: Unconditional match in SecAction. [file “/etc/httpd/modsecurity.d/modsecurity_2.6.3_crs_10_config.conf”] [line “89”] [id “981207”]

    Message: Warning. Pattern match “(\\/\\*\\!?|\\*\\/|\\-\\-[\\s\\r\\n\\v\\f]|(?:–[^-]*-)|([^\\-&])#.*[\\s\\r\\n\\v\\f]|;?\\x00)” at REQUEST_COOKIES:__SAFETY__. [file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_41_sql_injection_attacks.conf”] [line “37”] [id “981231”]

    [rev “2.2.3”] [msg “SQL Comment Sequence Detected.”] [data “–www.spedireweb.it-“] [tag “WEB_ATTACK/SQL_INJECTION”] [tag “WASCTC/WASC-19”] [tag “OWASP_TOP_10/A1”] [tag “OWASP_AppSensor/CIE1”] [tag “PCI/6.5.2”]
    Message: Rule 2b9437f4d690 [id “950901”][file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_41_sql_injection_attacks.conf”][line “59”] – Execution error – PCRE limits exceeded (-8): (null).
    Message: Rule 2b9437f4d690 [id “950901”][file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_41_sql_injection_attacks.conf”][line “59”] – Execution error – PCRE limits exceeded (-8): (null).
    Message: Rule 2b94389161b0 [id “981248”][file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_41_sql_injection_attacks.conf”][line “539”] – Execution error – PCRE limits exceeded (-8): (null).
    Message: Rule 2b943bab7c68 [id “981242”][file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_41_sql_injection_attacks.conf”][line “565”] – Execution error – PCRE limits exceeded (-8): (null).
    Message: Rule 2b94382333c0 [id “981247”][file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_41_sql_injection_attacks.conf”][line “571”] – Execution error – PCRE limits exceeded (-8): (null).
    Message: Rule 2b943bbe4b70 [id “981243”][file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_41_sql_injection_attacks.conf”][line “573”] – Execution error – PCRE limits exceeded (-8): (null).
    Message: Warning. Match of “streq 0” against “TX:MSC_PCRE_LIMITS_EXCEEDED” required. [file “/etc/httpd/conf.d/modsecurity_2.6.3.conf”] [line “101”] [msg “ModSecurity internal error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED”]
    Message: Warning. Operator GE matched 0 at TX:inbound_anomaly_score. [file “/etc/httpd/modsecurity.d/base_rules_263/modsecurity_crs_60_correlation.conf”] [line “37”] [id “981204”] [msg “Inbound Anomaly Score Exceeded (Total Inbound Score: 3, SQLi=1, XSS=): SQL Comment Sequence Detected.”]
    Apache-Handler: php5-script
    Stopwatch: 1325606295524991 613683 (- – -)
    Stopwatch2: 1325606295524991 613683; combined=48676, p1=575, p2=47900, p3=0, p4=0, p5=200, sr=137, sw=1, l=0, gc=0
    Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/); core ruleset/2.2.3.
    Server: Apache

    January 3, 2012 at 4:05 pm

  4. Armen

    not working

    May 1, 2012 at 12:21 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s