ModSecurity Rule 9724108 PCRE limits exceeded

[inthukha]

Hello,

During browsing of few my website APache error logs generate the following errors on every website:

[Sat Aug 03 19:56:45 2013] [error] [client 22.323.24.18] ModSecurity: Rule 9724108 [id "390149"][file "/usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf"][line "113"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.domain.com"] [uri "/index.php"] [unique_id "Uf0aLS6lzfMAABQWJ70AAAAH"]

Its happen after i rebuild the apache with PHP 5.4.17, i have integrated Atomic rule and it was running perfect with last PHP build 5.3.25.

Please advise, how can i fix this error ?

 

[kernow]

Try this, WHM>>>mod security>>>edit config and add/check for the following:
SecPcreMatchLimit 100000
SecPcreMatchLimitRecursion 100000

 

[24x7server]

If you are still getting the same issues try to add following value on your server

Php.ini file

pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000

modsec2.user.conf file

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

 

[inthukha]

Hello,

Thank you, i have added the changes within PHP.INI and modsec2.user.conf. and placed the both within them.

one question, Atomic rule are auto updated ? or i need to update them ? if yes so How ? and once they updated or php upgraded should i need to place this changes again ?


Thanks

 

[cPanelMichael]

Hello

It's important to keep in mind that these are custom Mod_Security rules provided by Atomicorp. An error or warning message related to these rules is more likely the result of a problem with the custom rules, as opposed to an issue with EasyApache or Mod_Security itself. You can find support for their custom rules at their website:

Atomicorp/GotRoot Realtime Modsecurity Rules Support

Thank you.