This is an internal limit to prevent a special type of DOS attack on the WAF itself. This is not caused by any of the rules. This is caused by the content the rules are inspecting. In certain cases, the content may be so complex that the WAF is stopping itself from doing too much work which could lead to a DOS attack on the system itself. If your system is generating these kinds of errors, it means you need to set the limits higher on your system, while it is beyond the scope of this article, another solution is to reduce the complexity of the content you are inspecting.
It is also possible this is occurring due to an actual DOS attack on your system. If you are certain this is not a DOS attack, simply increase these limits accordingly for your system. we recommend a minimum of 250000 for a modern system.
SecPcreMatchLimit 250000 SecPcreMatchLimitRecursion 250000
You may have to increase these limits for your system if you continue to get PCRE limit errors.
Comments
1 comment
We found that in some cases this was triggerd because the use of older PHP version, after switching to 7.3 for a client experiencing this the problem was gone.
Please sign in to leave a comment.