
Apache, Mod_security, and Wordpress, can't remove by rule ID


I have been looking around trying to get this working right for a while now, and finally bit the bullet and posted here.

I've got a LAMP stack with ModSecurity using the OWASP core rule set (v 2.2.5) and just installed Wordpress. I expected conflicts with ModSecurity, but I haven't been able to ignore or work around the only error I've encountered so far.

The Apache error.log file and the modsec_audit.log both list the same error:

ModSecurity: Rule 7f5d9a449228 [id "950901"][file "/etc/modsecurity/owasp-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null).

I've tried creating a new .conf file where the crs conf files are located containing

<LocationMatch .*>
  <IfModule mod_security2.c>
    SecRuleRemoveById 950901
  </IfModule>
</LocationMatch>

and even removed the IfModule statement and then LocationMatch statement when it didn't work.

Finally I resorted to commenting out lines 76 and 77 in the .conf file, and the error still appeared. This also had no effect.

Only changing SecRuleEngine to Off in modsecurity.conf finally let me access the page. Of course this defeats the purpose of ModSec.

Where am I going wrong?


Solution

  • Try adding this to your php.ini file (or included conf file):

    pcre.backtrack_limit = 10000000
    pcre.recursion_limit = 10000000
    

    And then this to your modsecurity.conf:

    SecPcreMatchLimit 150000
    SecPcreMatchLimitRecursion 150000
    

    This should allow for recursion without having to fully disable mod_security.
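
Added example (not part of the original question or answer): a Python script that tallies "PCRE limits exceeded" messages per rule and maps the PCRE return code to the ModSecurity limit directive involved; the `-8` in the question is libpcre's `PCRE_ERROR_MATCHLIMIT`. The function name `summarize`, the log prefix, and rule `999999` are constructed for illustration, and the code mapping assumes ModSecurity 2.x built against libpcre 8.x.

```python
import re
from collections import Counter

# libpcre (8.x) return codes mapped to the ModSecurity directive for that limit.
LIMIT_DIRECTIVE = {
    -8: "SecPcreMatchLimit",            # PCRE_ERROR_MATCHLIMIT
    -21: "SecPcreMatchLimitRecursion",  # PCRE_ERROR_RECURSIONLIMIT
}

# Message layout as quoted in the question; \s* tolerates spaces between fields.
PCRE_ERR = re.compile(
    r'Rule \S+ \[id "(?P<id>\d+)"\]\s*\[file "(?P<file>[^"]+)"\]\s*'
    r'\[line "(?P<line>\d+)"\] - Execution error - '
    r'PCRE limits exceeded \((?P<code>-?\d+)\)'
)

# Constructed sample input. MSG_950901 is the message from the question; the
# log prefix, client address and rule 999999 are made up for this example.
PREFIX = "[Tue Jan 01 10:00:00 2013] [error] [client 192.0.2.10] "
MSG_950901 = (
    'ModSecurity: Rule 7f5d9a449228 [id "950901"][file "/etc/modsecurity/'
    'owasp-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"]'
    '[line "77"] - Execution error - PCRE limits exceeded (-8): (null).'
)
SAMPLE_LOG = [
    PREFIX + MSG_950901,
    PREFIX + MSG_950901,
    PREFIX + 'ModSecurity: Rule 000000000000 [id "999999"] '
             '[file "/constructed/example.conf"] [line "1"] - Execution error'
             ' - PCRE limits exceeded (-21): (null).',
    PREFIX + "File does not exist: /var/www/favicon.ico",
]

def summarize(lines):
    """Count PCRE-limit errors per (rule id, file, line, PCRE code)."""
    hits = Counter()
    for text in lines:
        m = PCRE_ERR.search(text)
        if m:
            hits[(m["id"], m["file"], int(m["line"]), int(m["code"]))] += 1
    return [
        {"id": rid, "file": path, "line": ln, "count": n,
         "directive": LIMIT_DIRECTIVE.get(code, "unknown")}
        for (rid, path, ln, code), n in hits.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row["count"], row["id"], row["directive"], row["file"])
```

Pass the lines of the real Apache error.log instead of `SAMPLE_LOG` to see which rules hit a limit and which of the two directives applies before raising either value.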