Avi WAF rejects/flags request with regex execution limit exceeded, regex_match_limit is not honored.


Article ID: 392259


Products

VMware Avi Load Balancer

Issue/Introduction

By default, the regex match limit in the WAF profile is set to 30k CPU cycles.

In some scenarios, an HTTP request may be rejected or flagged by CRS rules with the error "Processing aborted: operator Rx failed: regex execution limit exceeded, regex_match_limit=30000".

Example WAF log:

The expected way to resolve this error is to increase the regex match limit in the WAF profile. However, in this case increasing the value does not resolve the issue.

Example (the error persists after each doubling):

Doubled value - 60k

Doubled value - 120k

Doubled value - 240k

Environment

Affects Version(s): 22.1.7, 30.2.1, 30.2.2, 31.1.1

Cause

A recent product change decoupled the CRS rules from the WAF policy and virtual service. This changed how CRS rules are processed and leads to the regex execution limit exceeded error. Only CRS rules are affected: configured Pre-CRS and Post-CRS rules are processed correctly and the regex_match_limit is honored for them.

Resolution

This issue is still under review. Until a permanent resolution is delivered, apply one of the following optional workarounds:

  1. The first recommendation is to disable the CRS rule(s) flagging the requests, but only if you have confirmed that this is not a security concern.
  2. The second recommendation is to increase the regex match limit if disabling the CRS rule(s) is not possible due to security requirements.

    The workaround for the second recommendation is as follows:
    a. Copy the ModSecurity rule text from the CRS rule(s).
    b. Disable the CRS rule(s).
    c. Create Pre-CRS rule(s) from the copied ModSecurity rule text. Ensure the rule ID is unique and does not collide with any CRS rule ID.
    d. Increase the regex_match_limit in the WAF profile as needed until the error clears. (Monitor the SEs' CPU utilization via the GUI, as increasing the regex execution limit can add CPU overhead; contact technical support if you have any concerns.)
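For step c, the following added example (not from this article or from Avi) rewrites copied CRS rule text into a Pre-CRS rule with a fresh, non-colliding id and checks the result. The sample rule, the set of ids already in use, and the 2000000 starting range for user rules are all constructed assumptions.

```python
import re

# Matches the id action inside a SecRule action list, quoted or not (e.g. id:942999 or id:'942999').
# Assumes the id action appears only in the action list, not inside msg text.
ID_ACTION = re.compile(r"\bid:'?(\d+)'?")

# Constructed sample resembling a CRS rule; this is not an actual CRS rule.
SAMPLE_CRS_RULE = (
    'SecRule ARGS|REQUEST_HEADERS "@rx (?i:\\bunion\\b.{1,100}?\\bselect\\b)" '
    '"id:942999,phase:2,block,t:none,t:urlDecodeUni,msg:\'Constructed SQLi sample\'"'
)

# Constructed set of ids already used by CRS, Pre-CRS and Post-CRS rules in the policy.
EXISTING_IDS = {942999, 2000000, 2000001}


def rule_id(rule_text: str) -> int:
    """Return the numeric id declared in a SecRule's action list."""
    m = ID_ACTION.search(rule_text)
    if not m:
        raise ValueError("rule text has no id: action")
    return int(m.group(1))


def pick_unique_id(taken: set[int], start: int) -> int:
    """Return the first id >= start that no existing rule uses."""
    candidate = start
    while candidate in taken:
        candidate += 1
    return candidate


def make_pre_crs_rule(crs_rule_text: str, taken_ids: set[int], start: int = 2000000) -> tuple[int, str]:
    """Copy a CRS rule into Pre-CRS form, replacing only its id so it cannot collide with the CRS id."""
    old_id = rule_id(crs_rule_text)
    new_id = pick_unique_id(set(taken_ids) | {old_id}, start)
    new_text = ID_ACTION.sub(f"id:{new_id}", crs_rule_text, count=1)
    if rule_id(new_text) != new_id or old_id == new_id:
        raise RuntimeError("id rewrite failed; do not load this rule")
    return new_id, new_text


if __name__ == "__main__":
    nid, text = make_pre_crs_rule(SAMPLE_CRS_RULE, EXISTING_IDS)
    print(nid)   # 2000002
    print(text)
```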