How is it possible that suricata and mod_security use different values to evaluate insensitive expressions?

Within mod_security equivalent pcre for insensitive should be (as we can see on rx directive): "@rx (?i)nikto"

while in suricata should be /nikto/i 

So if both are using pcre software and libraries, how is it possible that insensitive searchs perform in different way for each software?

If I want to parse a pcre to match a vulnerability, not exploit, should I parse all the pcre into normal content and finally convert it again into pcre for mod_security?

Which pcre does modsecurity uses? Is there any manual reference?

Kind regards,

2014-01-29 Jose Pablo Valcárcel Lázaro <>
Good morning.

I was wondering if someone could advice me how to convert regular expression as 

into mod_security compatible regular expression.

Looking at the exploit exploit vulnerability string is 
<object id=TestObj classid="CLSID:{E2883E8F-472F-4fb0-9522-AC9BF37916A7}"

So I understand that using the pcre you should be able to stop any variation of the exploit?

Kind regards,