Regular Expression Limits Overrides for Intrusion Rules

The default regular expression limits ensure a minimum level of performance. Overriding these limits could increase security, but could also significantly degrade performance by permitting packets to be evaluated against inefficient regular expressions.

Caution

Do not override default PCRE limits unless you are an experienced intrusion rule writer with knowledge of the impact of degenerative patterns.

Regular Expression Constraint Options

Option

Description

Match Limit State

Specifies whether to override Match Limit. You have the following options:

  • Select Default to use the value configured for Match Limit.

  • Select Unlimited to permit an unlimited number of attempts.

  • Select Custom to specify either a limit of 1 or greater for Match Limit, or to specify 0 to completely disable PCRE match evaluations.

Match Limit

Specifies the maximum number of times to attempt to match a pattern defined in a PCRE regular expression.

Match Recursion Limit State

Specifies whether to override Match Recursion Limit. You have the following options:

  • Select Default to use the value configured for Match Recursion Limit.

  • Select Unlimited to permit an unlimited number of recursions.

  • Select Custom to specify either a limit of 1 or greater for Match Recursion Limit, or to specify 0 to completely disable PCRE recursions.

Note that for Match Recursion Limit to be meaningful, it must be smaller than Match Limit.

Match Recursion Limit

Specifies the maximum number of recursions permitted when evaluating a PCRE regular expression against the packet payload.
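
The two limits can be seen at work in the following added example, which is not product or PCRE code: a simplified backtracking matcher (literals, '.', and 'x*' only) that counts calls to its match routine, standing in for Match Limit, and tracks recursion depth, standing in for Match Recursion Limit. The patterns, payloads and limit values are constructed for illustration.

```python
# Simplified model of a backtracking matcher with the two limits (assumption:
# one "attempt" = one call to match(), one "recursion" = one level of depth).
class LimitExceeded(Exception):
    pass

def limited_match(pattern, text, match_limit, recursion_limit):
    """Fully anchored match for a tiny subset: literals, '.', and 'x*'.

    Returns (status, calls, max_depth). 'calls' models Match Limit and
    'max_depth' models Match Recursion Limit.
    """
    stats = {"calls": 0, "max_depth": 0}

    def match(p, t, depth):
        stats["calls"] += 1
        stats["max_depth"] = max(stats["max_depth"], depth)
        if stats["calls"] > match_limit:
            raise LimitExceeded("match limit exceeded")
        if depth > recursion_limit:
            raise LimitExceeded("recursion limit exceeded")
        if p == len(pattern):
            return t == len(text)
        if p + 1 < len(pattern) and pattern[p + 1] == "*":
            end = t  # consume greedily, then back off one character at a time
            while end < len(text) and pattern[p] in (".", text[end]):
                end += 1
            return any(match(p + 2, k, depth + 1) for k in range(end, t - 1, -1))
        if t < len(text) and pattern[p] in (".", text[t]):
            return match(p + 1, t + 1, depth + 1)
        return False

    try:
        status = "match" if match(0, 0, 1) else "no match"
    except LimitExceeded as exc:
        status = str(exc)
    return status, stats["calls"], stats["max_depth"]

if __name__ == "__main__":
    payload = "a" * 25  # constructed payload with no trailing 'b'
    # (pattern, text, match_limit, recursion_limit); all values are constructed
    cases = [
        ("a*b", "aaab", 10000, 50),           # efficient: a handful of calls
        ("a*a*a*a*a*b", payload, 10000, 50),  # degenerate: stopped by match limit
        ("a" * 40, "a" * 40, 10000, 20),      # cheap but deep: recursion limit
        ("a" * 40, "a" * 40, 20, 20),         # recursion limit never reached
    ]
    for pat, txt, ml, rl in cases:
        print(pat[:12], limited_match(pat, txt, ml, rl))
```

The last case shows why a Match Recursion Limit that is not smaller than Match Limit has no effect: recursion depth can never exceed the number of match attempts, so the match limit always trips first.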