ModSecurity Rule 9724108 PCRE limits exceeded

inthukha

Well-Known Member
Jul 17, 2013
61
0
6
cPanel Access Level
Root Administrator
Hello,

During browsing of few my website APache error logs generate the following errors on every website:


Code:
[Sat Aug 03 19:56:45 2013] [error] [client 22.323.24.18] ModSecurity: Rule 9724108 [id "390149"][file "/usr/local/apache/conf/modsec_rules/50_asl_rootkits.conf"][line "113"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.domain.com"] [uri "/index.php"] [unique_id "Uf0aLS6lzfMAABQWJ70AAAAH"]
Its happen after i rebuild the apache with PHP 5.4.17, i have integrated Atomic rule and it was running perfect with last PHP build 5.3.25.

Please advise, how can i fix this error ?
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
If you are still getting the same issues try to add following value on your server

Php.ini file
Code:
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
modsec2.user.conf file
Code:
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
 

inthukha

Well-Known Member
Jul 17, 2013
61
0
6
cPanel Access Level
Root Administrator
Hello,

Thank you, i have added the changes within PHP.INI and modsec2.user.conf. and placed the both within them.

one question, Atomic rule are auto updated ? or i need to update them ? if yes so How ? and once they updated or php upgraded should i need to place this changes again ?


Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

It's important to keep in mind that these are custom Mod_Security rules provided by Atomicorp. An error or warning message related to these rules is more likely the result of a problem with the custom rules, as opposed to an issue with EasyApache or Mod_Security itself. You can find support for their custom rules at their website:

Atomicorp/GotRoot Realtime Modsecurity Rules Support

Thank you.