Pages

Friday, April 12, 2013

ModSecurity: Rule execution error – PCRE limits exceeded (-8)

Today while working on one of client’s issue of getting blank page while browsing the website and apache error logs were showing following logs (tail -f /usr/local/apache/logs/error_log):

Error :

==============================================================================

08 12:15:37 2010] [error] [client XX.XX.XX.XX] ModSecurity: Rule execution error – PCRE limits exceeded (-8): (null). [hostname "www.testing.com"] [uri "/forum/login.php"] [unique_id "TDMQWW3LaKoAAGiQ0EYAAAAP"]

==============================================================================

Solution :


In order to solve this error I followed the steps given below :
1) Login to the server as root.
2)Go to directory /usr/local/apache/conf.
Run :
# [root@server~] # cd /usr/local/apache/conf
3)Then Create a file “pcre_modsecurity_exceeded_limits.conf” and paste following lines in it.
Run :
# [root@server conf]# vi pcre_modsecurity_exceeded_limits.conf
Code need to be paste :
#——————————
SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000
#——————————
4) Save and quit the file.(Esc+:wq!)
5) Make sure that the permissions assigned for the file are 600.
Run :
#[root@server ~]# chmod 600 /usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf
6) Now open the file /usr/local/apachec/conf/modsec2.user.conf .
Run :
# [root@server ~]# vi /usr/local/apachec/conf/modsec2.user.conf
7) Find the line “<IfModule mod_security2.c>“
8 ) Add following line just below the above mentioned line that is “<IfModule mod_security2.c>“
—————————————————–
Include “/usr/local/apache/conf/pcre_modsecurity_exceeded_limits.conf”
—————————————————–
9)Save and quit the file.(Esc+:wq!)
10) Now just restart your apache and mysql service.
Run :
# [root@server ~]# /etc/init.d/httpd restart
# [root@server ~]# /etc/init.d/mysqld restart
The issue should be fixed now.

No comments:

Post a Comment