The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security Rule execution error - PCRE limits exceeded (-8): (null).

Discussion in 'Security' started by ikillbill, May 10, 2010.

  1. ikillbill

    ikillbill Well-Known Member

    Joined:
    Feb 18, 2008
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Hi

    We re-complile with easyapache 5092 today, but our mod_Security still shows


    Rule execution error - PCRE limits exceeded (-8): (null).

    PCRE test shows

    pcretest -C
    PCRE version 6.6 06-Feb-2006
    Compiled with
    UTF-8 support
    No Unicode properties support
    Newline character is LF
    Internal link size = 2
    POSIX malloc threshold = 10
    Default match limit = 10000000
    Default recursion depth limit = 10000000
    Match recursion uses stack


    How to fix this PCRE problem please?


    solution here is not working
    http://forums.cpanel.net/f185/modsecurity-auto-updater-147745.html
     
  2. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Run /scripts/checkperlmodules as root a few times, or until you see there is no errors in you server, that helped me to fix the PCRE error.

    It will be easier to run the check perl before the installation of the new 2.5.12.

    Regards,

    Sergio
     
    #2 Secmas, May 10, 2010
    Last edited: May 14, 2010
  3. 9xlinux

    9xlinux Well-Known Member

    Joined:
    Dec 20, 2009
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I have the same issue, I have tried your solution on other thread but still the same.

    #/scripts/checkperlmodules --force --full
    Tested 141, 141 ok, 0 failed.
    But still same issue.
     
  4. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Have you checked your php.ini and modsec2.user.conf files?
     
  5. 9xlinux

    9xlinux Well-Known Member

    Joined:
    Dec 20, 2009
    Messages:
    185
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Yes I have added in PHP.INI
    pcre.backtrack_limit = 10000000
    pcre.recursion_limit = 10000000

    and added in modsec2.user.conf
    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000

    But still the error below,
    Rule execution error - PCRE limits exceeded (-8): (null)
     
  6. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    How many times did you run /scripts/checkperlmodules command? I recommend to run it a few times, I ran them 4 or 5 times in my servers. If you are using a VPS, maybe you will need to contact your vendor.

    Sergio
     
  7. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Friendly Moderator Note

    To ensure organized discussion and prevent possible confusion I have forked the mod_security PCRE topic into a new thread, separating it from the original feature request that applied only to a general update for mod_security.

    For reference, here is the original Feature Request thread: Mod Security 2.5.x Update - cPanel Forums
     
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    To confirm, are you using a custom or third-party ruleset for mod_security? Try disabling any custom rulesets and then, one-at-a-time, enable only those rules that you require. By testing rules one-at-a-time or in smaller subsets this will help to identify if the problem may be caused by an erroneous or incompatible rule for the latest mod_security release.

    Please ensure that all rules or rulesets used are compatible with the version of mod_security being used, e.g., v1.9.5 for Apache 1.3 or v2.5.12 for Apache 2.x.

    The quoted version of PCRE is not that of the version compiled by EasyApache; instead, it appears to be the same version that is included in the latest release of CentOS 5.5, as seen below:
    Code:
    # cat /etc/redhat-release
    CentOS release 5.5 (Final)
    
    # rpm -qf --qf "%{name}-%{version}-%{release}.%{arch}.rpm\n" /usr/bin/pcretest
    pcre-6.6-2.el5_1.7.x86_64.rpm
    
    # /usr/bin/pcretest -C
    PCRE version 6.6 06-Feb-2006
    Compiled with
      UTF-8 support
      No Unicode properties support
      Newline character is LF
      Internal link size = 2
      POSIX malloc threshold = 10
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    The following command may be used to accurately determine the version of PCRE in the "/opt" directory path that is installed by EasyApache:
    Code:
    # /opt/pcre/bin/pcretest -C
    Example:
    Code:
    # /opt/pcre/bin/pcretest -C
    PCRE version 8.02 2010-03-19
    Compiled with
      UTF-8 support
      Unicode properties support
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
     
  9. MajorWoody

    MajorWoody Member

    Joined:
    Apr 28, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I'm having this problem as well. My server is running:
    Code:
    # rpm -qf --qf "%{name}-%{version}-%{release}.%{arch}.rpm\n" 
    pcre-6.6-2.el5_1.7.x86_64.rpm
    Code:
    # /usr/bin/pcretest -C
    PCRE version 6.6 06-Feb-2006
    Compiled with
      UTF-8 support
      No Unicode properties support
      Newline character is LF
      Internal link size = 2
      POSIX malloc threshold = 10
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
    Should i remove the copy installed with CentOS 5.5?

    I've run /scripts/checkperlmodules four or five time (errors only on the first pass).
     
  10. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    I would not remove the RPM installation of PCRE that came with CentOS.

    To better determine how to proceed it will help to know additional information. Please provide the output from the following commands:
    Code:
    # grep -H '' /usr/local/cpanel/version /var/cpanel/envtype
    # /usr/local/apache/bin/httpd -v
    # /opt/pcre/bin/pcretest -C
     
  11. MajorWoody

    MajorWoody Member

    Joined:
    Apr 28, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for looking at this Don, here's the output requested:
    Code:
    # grep -H '' /usr/local/cpanel/version /var/cpanel/envtype
    /usr/local/cpanel/version:11.26.9-RELEASE_48422
    /var/cpanel/envtype:standard
    Code:
    # /usr/local/apache/bin/httpd -v
    Server version: Apache/2.2.16 (Unix)
    Server built:   Sep 11 2010 21:21:23
    Cpanel::Easy::Apache v3.2.0 rev5186
    Code:
    # /opt/pcre/bin/pcretest -C
    PCRE version 8.02 2010-03-19
    Compiled with
      UTF-8 support
      Unicode properties support
      Newline sequence is LF
      \R matches all Unicode newlines
      Internal link size = 2
      POSIX malloc threshold = 10
      Default match limit = 10000000
      Default recursion depth limit = 10000000
      Match recursion uses stack
     
  12. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Thank you for the information. Are you using only the stock-default rules supplied by cPanel, or are you using any custom or third-party rules added into the mod_security configuration?
     
  13. MajorWoody

    MajorWoody Member

    Joined:
    Apr 28, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Sorry for the delay... Got sidetracked on other things.

    I was using gotroot rules, but after reading your question i figured your next action would be to suggest removing 3rd party rules. So i've done that, i'm running clean now and still generating "Rule execution error - PCRE limits exceeded (-8): (null)." in my log file.

    What steps do you recommend i do now?
     
  14. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello MajorWoody,

    Could you submit a ticket now for this matter? At this point, it might be the quickest way for resolution. You can either use the link in my signature or WHM > Support Center > Contact cPanel area.

    Thanks!
     
  15. cuongvttt

    cuongvttt Active Member

    Joined:
    Jun 26, 2008
    Messages:
    36
    Likes Received:
    1
    Trophy Points:
    6
    I have many many servers that using CPanel have the same issue.

    It looks like this: Rule execution error - PCRE limits exceeded (-8): (null). 302

    I dont know why?

    What should i do, CPanel?

    Please give resolutions here to everyone. CPanel babe come on.............
     
  16. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Please try what was suggested earlier in this thread: mod_security Rule execution error - PCRE limits exceeded (-8): (null).
     
  17. MajorWoody

    MajorWoody Member

    Joined:
    Apr 28, 2004
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
  18. cuongvttt

    cuongvttt Active Member

    Joined:
    Jun 26, 2008
    Messages:
    36
    Likes Received:
    1
    Trophy Points:
    6
    Finally i got resolutions.

    Just add these lines into the file .conf that contains rules of mod_security.

    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000

    It helps me resolve this issueeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.
     
  19. HostingH

    HostingH Well-Known Member

    Joined:
    Jan 13, 2008
    Messages:
    73
    Likes Received:
    3
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hi,

    Create pcre_modsecurity_exceeded_limits.conf under /usr/local/apache/conf

    Then vi pcre_modsecurity_exceeded_limits.conf

    add :

    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000

    Save and quit the file.

    chmod 600 pcre_modsecurity_exceeded_limits.conf

    Now open the file /usr/local/apachec/conf/modsec2.user.conf

    Search line line “<IfModule mod_security2.c>“

    Add : Include “/usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf”

    wq!

    restart your apache and mysql service.

    Issue fixed:
     
  20. Secmas

    Secmas Well-Known Member

    Joined:
    Feb 18, 2005
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Is it necessary to create an external input as you can write directly on your MODSEC2.USER.CONF the same command lines and the effect will the same?
     
Loading...

Share This Page