Bobcares

ModSecurity PCRE limits exceeded – Easy fix!

by | Nov 13, 2019

Isn’t it irritating to see ‘ModSecurity PCRE limits exceeded’ error?

This error generally occurs when the value of the variables SecPcreMatchLimit and SecPcreMatchLimitRecursion are too low. It can even occur when the server is under a DOS attack too.

At Bobcares, we often receive requests to fix ModSecurity errors as a part of our Server Management Services.

Today, let’s discuss the cause of this error see how our Support Engineers fix it.

 

What causes ModSecurity PCRE limits exceeded error to occur?

Before heading for the cause of this error, let’s take a look at what PCRE is. And then we shall see what causes this error to occur.

PCRE is abbreviated as Perl Compatible Regular Expressions. The PCRE package contains PCRE libraries. These are useful for implementing regular expression pattern matching using the same syntax and semantics as Perl.

PCRE limits are the settings internal to the PCRE engine. They are used to limit the maximum amount of memory/time spent on trying to match some text to a pattern.

If the PCRE limit is low then it is more difficult to subvert PCRE and the regular expressions to commit DoS attacks. The different PCRE limits include SecPcreMatchLimit, SecPcreMatchLimitRecursion, pcre.backtrack_limit, and pcre.recursion_limit.

The default value set for this limit is 10 million. In case, if a proper value is not provided then the ModSecurity will throw an error.

These limits are the major cause for this error to occur. This can be an aftereffect of complex Modsecurity rules. The content may be so complex that the WAF stops doing too much work which could lead to a DOS attack on the system itself. Additionally, the error can display when the server is actually under a DDOS attack.

 

How we fix ModSecurity PCRE limits exceeded?

Having a decade of experience in managing servers, our Dedicated Engineers are familiar with the ModSecurity errors. The primary objective is to find whether the server is actually under attack or not.

Now, let’s discuss how our Support Engineers fix this error.

Recently, one of our customers received the below error message

mod_security - PCRE limits exceeded (-8): (null)

As a first step, we examined the server log files to ensure that the server was not under attack. This happened due to the complex regular expression on the websites. Thus, we had to raise the PCRE limits to fix the error.

So, our Support Engineers added the below codes in httpd.conf file.

SecPcreMatchLimit 150000
SecPcreMatchLimitRecursion 150000

Then, we added the below codes in php.ini file.

pcre.backtrack_limit = 10000000
pcre.recursion_limit = 10000000

After that, we restarted the Apache using the command:

service httpd restart

Finally, this fixed the error.

 

[Need any assistance with Modsecurity errors? – We’ll help you]

 

Conclusion

In short, the error ModSecurity PCRE limits exceeded occurs due to the low value set for PCRE limits. Today, we saw how our Support Engineers fix this error.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

2 Comments

  1. Allan St. George

    And how would this fix be applied to a Windows IIS Server using ModSecurity with the same PCRE errors?

    Reply
    • Arya MA

      Hi Allan,

      You may want to modify the SecPcreMatchLimit and SecPcreMatchLimitRecursion parameters from the modsecurity.conf. If you still find problems, we’ll be happy to talk to you on chat (click on the icon at right-bottom).

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.