czerdrill

Well-Known Member
Feb 18, 2011
70
0
56
I'm getting the PCRE limits exceeded error and based on my research it's saying to just add the two directives to the modsec2.user.conf file. Is that still a valid solution? All the threads on the subject are very old.

Also, the error_log shows the rule that is throwing the error, but where is that located? Meaning how do I find out what that rule is? Thanks!
 

mtindor

Well-Known Member
Sep 14, 2004
1,363
65
178
inside a catfish
cPanel Access Level
Root Administrator
Depending on the rules you are using and your configuration, you should be able to tell "where" the rule is located.

Assuming you are using GotRoot / Atomic rules, then:

Code:
[Thu Apr 05 18:49:30 2012] [error] [client 199.15.234.82] ModSecurity: Rule 9a5d7e8 [id "300300"][file "/usr/local/apache/conf/modsec_rules/30_asl_antispam.conf"][line "103"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "some.domain.com"] [uri "/wp-comments-post.php"] [unique_id "T34hetHwBQEAABVqBnYAAAAE"]
In this case it was triggered during some attempt to call http://some.domain.com/wp-comments-post.php The rule in question was 300300 and can be found in 30_asl_antispam.conf

Yes, adding the appropriate pcre-related directives to modsec2.user.conf is still the valid solution. However, keep in mind that just because you add those directives does not mean you'll never see another PCRE error. You just might limit them.

If you were using the Atomic Rulest as part of an ASL subscription, then you could always install their modsec version -- which I think suppresses those errors. It may do more than just surpress them, but I think at the very least it supresses them.

If you need any more detail than that, you probably should make a post on the forum of / email the creator of the ruleset you are using.

Mike
 
Last edited:

czerdrill

Well-Known Member
Feb 18, 2011
70
0
56
Ok thanks. Can I ask what exactly these errors mean though? Is suppressing them just the only solution? Why are these errors thrown in the first place?
 

mtindor

Well-Known Member
Sep 14, 2004
1,363
65
178
inside a catfish
cPanel Access Level
Root Administrator
I wish I had an answer for you. It seems people don't like to talk about PCRE errors in modsecurity. Well, they talk about them, but no definite solution / fix ever seems to come from the discussions :)

Mike
 

czerdrill

Well-Known Member
Feb 18, 2011
70
0
56
Yep in my research on the topic all i ever find is the workaround and never the reason. Thanks again!