The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PCRE Limits Exceeded Error

Discussion in 'General Discussion' started by czerdrill, Apr 5, 2012.

  1. czerdrill

    czerdrill Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    I'm getting the PCRE limits exceeded error and based on my research it's saying to just add the two directives to the modsec2.user.conf file. Is that still a valid solution? All the threads on the subject are very old.

    Also, the error_log shows the rule that is throwing the error, but where is that located? Meaning how do I find out what that rule is? Thanks!
     
  2. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Depending on the rules you are using and your configuration, you should be able to tell "where" the rule is located.

    Assuming you are using GotRoot / Atomic rules, then:

    Code:
    [Thu Apr 05 18:49:30 2012] [error] [client 199.15.234.82] ModSecurity: Rule 9a5d7e8 [id "300300"][file "/usr/local/apache/conf/modsec_rules/30_asl_antispam.conf"][line "103"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "some.domain.com"] [uri "/wp-comments-post.php"] [unique_id "T34hetHwBQEAABVqBnYAAAAE"]
    
    In this case it was triggered during some attempt to call http://some.domain.com/wp-comments-post.php The rule in question was 300300 and can be found in 30_asl_antispam.conf

    Yes, adding the appropriate pcre-related directives to modsec2.user.conf is still the valid solution. However, keep in mind that just because you add those directives does not mean you'll never see another PCRE error. You just might limit them.

    If you were using the Atomic Rulest as part of an ASL subscription, then you could always install their modsec version -- which I think suppresses those errors. It may do more than just surpress them, but I think at the very least it supresses them.

    If you need any more detail than that, you probably should make a post on the forum of / email the creator of the ruleset you are using.

    Mike
     
    #2 mtindor, Apr 5, 2012
    Last edited: Apr 5, 2012
  3. czerdrill

    czerdrill Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Ok thanks. Can I ask what exactly these errors mean though? Is suppressing them just the only solution? Why are these errors thrown in the first place?
     
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I wish I had an answer for you. It seems people don't like to talk about PCRE errors in modsecurity. Well, they talk about them, but no definite solution / fix ever seems to come from the discussions :)

    Mike
     
  5. czerdrill

    czerdrill Well-Known Member

    Joined:
    Feb 18, 2011
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Yep in my research on the topic all i ever find is the workaround and never the reason. Thanks again!
     
Loading...

Share This Page