On just about every request I am getting the following error:
Rule execution error - PCRE limits exceeded (-8): (null).
After a bunch of googling the only solutions seem to be
a) Add the following in your httpd.conf
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
b) Add the following to your php.ini
pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000
c) Use a version that was compiled with the -disable-pcre-match-limit option.
I am running the following:
ModSecurity for Apache/2.5.12 (http://www.modsecurity.org/).
Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze8 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8
For my ModSec rules, I am using the OWASP ModSecurity Core Rule Set (CRS) Project version 2.2.3, which is the newest as of this posting.
My httpd.conf consists of essentially:
<IfModule security2_module>
SecUploadDir /var/asl/data/suspicious
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
Include modsecurity.d/modsecurity_crs_10_config.conf
Include modsecurity.d/activated_rules/*.conf
SecRuleEngine On
# Debug log
SecDebugLog /var/log/apache2/modsec_debug.log
SecDebugLogLevel 3
# Serial audit log
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
</IfModule>
<IfModule mod_php5.c>
php_admin_flag pcre.backtrack_limit 10000000
php_admin_flag pcre.recursion_limit 10000000
</IfModule>
Inside my modsecurity.d directory are just all the default rules CRS has in their install file. I have also set the PCRE limits to 150000000 and 100000000000 and more, but to no avail.
So in conclusion: solutions a and b are not working, and I greatly prefer not to do c, as I don't really understand/like compiling.
Anyone have any other ideas?