Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Brian Rectanus <brectanu <at> gmail.com>
Subject: Re: SecPcreMatchLimit , SecPcreMatchLimitRecursion and CPU usage[ScanMail Notification] <>
Newsgroups: gmane.comp.apache.mod-security.user
Date: Wednesday 20th October 2010 17:44:45 UTC (over 6 years ago)
It means that the match attempt was aborted as it was taking too many
resources.  It is not harmful per se, but does mean that an attack
crafted to only match well into the recursion may bypass detection.

Most of these issues are caused by the PHPIDS rules.  You may want to
just disable these and then keep the default settings for the limits.

-B

On Wed, Oct 20, 2010 at 2:54 AM,  <[email protected]> wrote:
> No on can help?
>
> At least i want to know if the error PCRE limits exceeded (-8): (null) is
> harmful besides increase my error log size?
>
> Many thx!!!!!
>
> Jay
>
>
>
>             [email protected]
>             hk
>                                                
                       To
>             10/19/2010 01:33        
[email protected]
>             PM                        e.net
>                                                
                       cc
>
>                                                
                  Subject
>                                      
[mod-security-users]
>                                      
SecPcreMatchLimit ,
>                                      
SecPcreMatchLimitRecursion and CPU
>                                       usage[ScanMail
Notification] <                                       mail is fully
scanned.>>
>
>
>
>
>
>
>
>
>
>
>
> Hi all,
>
> I have google the relationship between CPU and SecPcreMatchLimit
> /SecPcreMatchLimitRecursion.
>
> I know that the when i lower the number of SecPcreMatchLimit
> /SecPcreMatchLimitRecursion and i may get occasional
> errors for limits exceeded (PCRE limits exceeded (-8): (null)), but the
> performance is better.
>
> However, for my case, when i use defult setting:
>
> SecPcreMatchLimit             1000
> SecPcreMatchLimitRecursion    1000
>
> The performance is good but there are lots of PCRE limits exceeded error
> flow.
>
> When i set the limit to 150000 (refer to some posts in google), the
errors
> gone but the performance is bad.
>
> Then i try to find out the optimal limit, i try 10000, 50000....but the
> performance is even worst than 150000, i cant believe it...
>
> i am thinking if i should set the limit to 5000 and just ignore the
errors
> flow? (cause the performance is good)
> Or there is another setting i have to configure?
>
> Please advice~~~
> Many thanks!!!
>
> Jay
> This e-mail is intended solely for the addressee.  If you have received
> this e-mail in error, please notify the sender by reply e-mail and
> immediately delete it from your system.
>
>
>
------------------------------------------------------------------------------
>
> Download new Adobe(R) Flash(R) Builder(TM) 4
> The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly
> Flex(R) Builder(TM)) enable the development of rich applications that run
> across multiple browsers and platforms. Download your free trials today!
> http://p.sf.net/sfu/adobe-dev2dev
> _______________________________________________
> mod-security-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> http://www.modsecurity.org/breach/index.html
>
>
> This e-mail is intended solely for the addressee.  If you have received
> this e-mail in error, please notify the sender by reply e-mail and
> immediately delete it from your system.
>
>
>
------------------------------------------------------------------------------
> Download new Adobe(R) Flash(R) Builder(TM) 4
> The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly
> Flex(R) Builder(TM)) enable the development of rich applications that run
> across multiple browsers and platforms. Download your free trials today!
> http://p.sf.net/sfu/adobe-dev2dev
> _______________________________________________
> mod-security-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> http://www.modsecurity.org/breach/index.html
>

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America
contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in
marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
mod-security-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
 
CD: 15ms