ModSecurity: Rule execution error – PCRE limits exceeded (-8)

Today while working on one of client’s issue of getting blank page while browsing the website and apache error logs were showing following logs (tail -f /usr/local/apache/logs/error_log):

Error :

==============================================================================[Wed 08 12:15:37 2010] [error] [client XX.XX.XX.XX] ModSecurity: Rule execution error – PCRE limits exceeded (-8): (null). [hostname “www.testing.com”] [uri “/forum/login.php”] [unique_id “TDMQWW3LaKoAAGiQ0EYAAAAP”]

==============================================================================

Solution :

In order to solve this error I followed the steps given below :

1) Login to the server as root.

2)Go to directory /usr/local/apache/conf.

Run :

# [root@server~] # cd /usr/local/apache/conf
3)Then Create a file “pcre_modsecurity_exceeded_limits.conf” and paste following lines in it.

Run :

# [root@server conf]# vi pcre_modsecurity_exceeded_limits.conf

Code need to be paste :

#——————————

SecPcreMatchLimit 150000

SecPcreMatchLimitRecursion 150000

#——————————
4) Save and quit the file.(Esc+:wq!)

5) Make sure that the permissions assigned for the file are 600.

Run :

#[root@server ~]# chmod 600 /usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf

6) Now open the file /usr/local/apachec/conf/modsec2.user.conf .

Run :

# [root@server ~]# vi /usr/local/apachec/conf/modsec2.user.conf

7) Find the line “<IfModule mod_security2.c>“

8 ) Add following line just below the above mentioned line that is “<IfModule mod_security2.c>“
—————————————————–

Include “/usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf”

—————————————————–

9)Save and quit the file.(Esc+:wq!)

10) Now just restart your apache and mysql service.

Run :

# [root@server ~]# /etc/init.d/httpd restart

# [root@server ~]# /etc/init.d/mysqld restart
The issue should be fixed now.