Hi, All,

I’m a newbie to mod security, today I when I integrate Nginx with mod_security and find our memory is eats up,

Sometimes CPU load is 90%+.

If we comments out mod security settings, it goes well.

 

Please give some clue to fix this problem.

 

Blow is our Setting:

# /usr/local/nginx/sbin/nginx -V

nginx version: nginx/1.2.6

built by gcc 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC)

TLS SNI support enabled

configure arguments: --user=nginx --group=nginx --with-http_secure_link_module --with-http_random_index_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-ipv6 --add-module=../modsecurity-apache_2.7.5/nginx/modsecurity/ --add-module=../nginx_tcp_proxy_module-0.26/ --add-module=../ngx_cache_purge-1.5/

 

I have attach to Nginx process for several times,  blow is the bt result:

#0  0x0000000000446df0 in ngx_http_write_filter ()

#1  0x00000000004557c1 in ngx_http_chunked_body_filter ()

#2  0x000000000045a323 in ngx_http_gzip_body_filter ()

#3  0x000000000045b0bd in ngx_http_postpone_filter ()

#4  0x000000000045b6d6 in ngx_http_ssi_body_filter ()

#5  0x000000000045f7df in ngx_http_charset_body_filter ()

#6  0x000000000046118c in ngx_http_xslt_body_filter ()

#7  0x0000000000462dc8 in ngx_http_image_body_filter ()

#8  0x000000000046379e in ngx_http_sub_body_filter ()

#9  0x000000000046414b in ngx_http_addition_body_filter ()

#10 0x000000000048f935 in ngx_http_modsecurity_body_filter ()

#11 0x000000000041a992 in ngx_output_chain ()

#12 0x0000000000447303 in ngx_http_copy_filter ()

#13 0x0000000000455b0d in ngx_http_range_body_filter ()

#14 0x000000000043a086 in ngx_http_output_filter ()

#15 0x00000000004410d2 in ngx_http_send_special ()

#16 0x000000000044f95c in ngx_http_upstream_finalize_request ()

#17 0x0000000000450419 in ngx_http_upstream_process_request ()

#18 0x00000000004504d5 in ngx_http_upstream_process_upstream ()

#19 0x00000000004531ce in ngx_http_upstream_process_header ()

#20 0x000000000045090a in ngx_http_upstream_handler ()

#21 0x000000000042cd8a in ngx_event_process_posted ()

#22 0x000000000042cc5a in ngx_process_events_and_timers ()

#23 0x0000000000432863 in ngx_worker_process_cycle ()

#24 0x00000000004311a4 in ngx_spawn_process ()

#25 0x0000000000432fff in ngx_master_process_cycle ()

#26 0x000000000041809a in main ()

 

#0  0x0000000000446d30 in ngx_http_write_filter ()

#1  0x00000000004557c1 in ngx_http_chunked_body_filter ()

#2  0x000000000045a323 in ngx_http_gzip_body_filter ()

#3  0x000000000045b0bd in ngx_http_postpone_filter ()

#4  0x000000000045b6d6 in ngx_http_ssi_body_filter ()

#5  0x000000000045f7df in ngx_http_charset_body_filter ()

#6  0x000000000046118c in ngx_http_xslt_body_filter ()

#7  0x0000000000462dc8 in ngx_http_image_body_filter ()

#8  0x000000000046379e in ngx_http_sub_body_filter ()

#9  0x000000000046414b in ngx_http_addition_body_filter ()

#10 0x000000000048f935 in ngx_http_modsecurity_body_filter ()

#11 0x000000000041a992 in ngx_output_chain ()

#12 0x0000000000447303 in ngx_http_copy_filter ()

#13 0x0000000000455b0d in ngx_http_range_body_filter ()

#14 0x000000000043a086 in ngx_http_output_filter ()

#15 0x00000000004410d2 in ngx_http_send_special ()

#16 0x000000000044f95c in ngx_http_upstream_finalize_request ()

#17 0x0000000000450419 in ngx_http_upstream_process_request ()

#18 0x00000000004504d5 in ngx_http_upstream_process_upstream ()

#19 0x00000000004531ce in ngx_http_upstream_process_header ()

#20 0x000000000045090a in ngx_http_upstream_handler ()

#21 0x000000000042cd8a in ngx_event_process_posted ()

#22 0x000000000042cc5a in ngx_process_events_and_timers ()

#23 0x0000000000432863 in ngx_worker_process_cycle ()

#24 0x00000000004311a4 in ngx_spawn_process ()

#25 0x0000000000431dda in ngx_start_worker_processes ()

#26 0x0000000000432d84 in ngx_master_process_cycle ()

#27 0x000000000041809a in main ()

 

(gdb) bt

#0  0x00002aebc10739e4 in _int_malloc () from /lib64/libc.so.6

#1  0x00002aebc107448d in malloc () from /lib64/libc.so.6

#2  0x00002aebc1075169 in posix_memalign () from /lib64/libc.so.6

#3  0x000000000042eff8 in ngx_memalign ()

#4  0x0000000000418bcd in ngx_palloc_block ()

#5  0x0000000000418dd6 in ngx_palloc ()

#6  0x000000000041a4e1 in ngx_alloc_chain_link ()

#7  0x0000000000446cff in ngx_http_write_filter ()

#8  0x00000000004557c1 in ngx_http_chunked_body_filter ()

#9  0x000000000045a323 in ngx_http_gzip_body_filter ()

#10 0x000000000045b0bd in ngx_http_postpone_filter ()

#11 0x000000000045b6d6 in ngx_http_ssi_body_filter ()

#12 0x000000000045f7df in ngx_http_charset_body_filter ()

#13 0x000000000046118c in ngx_http_xslt_body_filter ()

#14 0x0000000000462dc8 in ngx_http_image_body_filter ()

#15 0x000000000046379e in ngx_http_sub_body_filter ()

#16 0x000000000046414b in ngx_http_addition_body_filter ()

#17 0x000000000048f935 in ngx_http_modsecurity_body_filter ()

#18 0x000000000041a992 in ngx_output_chain ()

#19 0x0000000000447303 in ngx_http_copy_filter ()

#20 0x0000000000455b0d in ngx_http_range_body_filter ()

#21 0x000000000043a086 in ngx_http_output_filter ()

#22 0x00000000004410d2 in ngx_http_send_special ()

#23 0x000000000044f95c in ngx_http_upstream_finalize_request ()

#24 0x0000000000450419 in ngx_http_upstream_process_request ()

#25 0x00000000004504d5 in ngx_http_upstream_process_upstream ()

#26 0x00000000004531ce in ngx_http_upstream_process_header ()

#27 0x000000000045090a in ngx_http_upstream_handler ()

#28 0x000000000042cd8a in ngx_event_process_posted ()

#29 0x000000000042cc5a in ngx_process_events_and_timers ()

#30 0x0000000000432863 in ngx_worker_process_cycle ()

#31 0x00000000004311a4 in ngx_spawn_process ()

#32 0x0000000000431dda in ngx_start_worker_processes ()

#33 0x0000000000432d84 in ngx_master_process_cycle ()

#34 0x000000000041809a in main ()