Re: [mod-security-users] ruleUpdateTargetById memory leak still an issue?
Brought to you by:
victorhora,
zimmerletw
From: Breno S. <bre...@gm...> - 2012-03-08 15:05:51
|
Hi Ty, I will investigate it. Thanks Breno On Thu, Mar 8, 2012 at 8:57 AM, Ty <ty7...@gm...> wrote: > We're finding that there still appears to be a memory leak when using > ruleUpdateTargetById with ModSecurity 2.6.3, basically the same as > described here for 2.6.1 and reported fixed in 2.6.2: > > http://sourceforge.net/mailarchive/message.php?msg_id=28312040 > > The memory utilization appears to be improved somewhat since 2.6.1, but > it still runs away over time. > > Our test procedures were to simply run wget to retrieve a page repeatedly > in a single thread. With 2.6.1 our httpd.exe process's memory > utilitization would grow from 56MB to 500MB in less than 15 seconds and > grow to several GB in a matter of minutes. With version 2.6.3 the process > would grow to 500MB in approximately 30 minutes, and to over 3GB in about > 90 minutes. > > Our (desired) usage of ruleUpdateTargetById may be somewhat exceptional. > We have a number of fields where we allow HTML markup to be passed in, a > la what you might find in an eBay posting. These fields are protected from > XSS in the web application itself, and we've found modern versions of the > CRS to be very unforgiving when even trivial HTML markup is being passed. > The workaround we came up with is to have a rule chain like the following, > one per parameter (of which there are over 60): > > SecRule REQUEST_URI "our_page" "chain,phase:2,pass,log,msg:'Adjusting > target list for known false positives in our_field parameter '" > SecRule ARGS_NAMES > "our_field" "ctl:ruleUpdateTargetById=958030;!ARGS:our_field,ctl:ruleUpdateTargetById=973300;!ARGS:our_field,ctl:ruleUpdateTargetById=973304;!ARGS:our_field,ctl:ruleUpdateTargetById=973306;!ARGS:our_field,ctl:ruleUpdateTargetById=973316;!ARGS:our_field,ctl:ruleUpdateTargetById=973333;!ARGS:our_field,ctl:ruleUpdateTargetById=973335;!ARGS:our_field,ctl:ruleUpdateTargetById=973332;!ARGS:our_field" > > Any help we can get on this is appreciated. > > Thanks, > Ty > > > > ------------------------------------------------------------------------------ > Virtualization & Cloud Management Using Capacity Planning > Cloud computing makes use of virtualization - but cloud computing > also focuses on allowing computing to be delivered as a service. > http://www.accelacomm.com/jaw/sfnl/114/51521223/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |