Thread: [mod-security-users] Getting Segmentation fault with to much rules
From: <ste...@gm...> - 2006-03-09 08:49:13
I have mod_security 1.9.2 on Gentoo Linux, compiled with hardened gcc 3.4.5. The system has PaX and grsecurity active. mod_security is compiled with "-march=athlon-tbird -O2 -pipe -mmmx -m3dnow -fforce-addr -fomit-frame-pointer -falign-functions=4". Apache is 2.0.55.

When I load too many rules (like the ones from http://www.gotroot.com/downloads/ftp/mod_security/blacklist.conf) into mod_security, then mod_security starts to get segmentation faults.

I don't know why? Maybe the Propolice patch is catching something?

My GCC version:

gcc (GCC) 3.4.5 (Gentoo Hardened 3.4.5-r1, ssp-3.4.5-1.0, pie-8.7.9)
Copyright (C) 2004 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

Has anyone seen this before?

cheers
Steve
From: Ivan R. <iv...@we...> - 2006-03-09 09:33:49
ste...@gm... wrote:
> I have mod_security 1.9.2 on Gentoo Linux, compiled with hardened gcc 3.4.5.
> The system has PaX and grsecurity active. mod_security is compiled with
> "-march=athlon-tbird -O2 -pipe -mmmx -m3dnow -fforce-addr
> -fomit-frame-pointer -falign-functions=4". Apache is 2.0.55.
>
> When I load too many rules (like the ones from
> http://www.gotroot.com/downloads/ftp/mod_security/blacklist.conf) into
> mod_security, then mod_security starts to get segmentation faults.
>
> I don't know why? Maybe the Propolice patch is catching something?

Sounds to me Apache is crashing because you don't have enough RAM to run all those rules.

FYI, 1.9.3 uses less memory so you may be able to use that without crashing.

Either way, you are killing the performance with such a large number of rules. Blacklisting, in particular, is much better done with an RBL-style protection.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
From: <ste...@gm...> - 2006-03-09 16:25:42
> --- Original Message ---
> From: Ivan Ristic <iv...@we...>
> To: ste...@gm...
> Cc: mod...@li...
> Subject: Re: [mod-security-users] Getting Segmentation fault with to much rules
> Date: Thu, 09 Mar 2006 09:33:44 +0000
>
> ste...@gm... wrote:
> > I have mod_security 1.9.2 on Gentoo Linux, compiled with hardened gcc 3.4.5.
> > The system has PaX and grsecurity active. mod_security is compiled with
> > "-march=athlon-tbird -O2 -pipe -mmmx -m3dnow -fforce-addr
> > -fomit-frame-pointer -falign-functions=4". Apache is 2.0.55.
> >
> > When I load too many rules (like the ones from
> > http://www.gotroot.com/downloads/ftp/mod_security/blacklist.conf) into
> > mod_security, then mod_security starts to get segmentation faults.
> >
> > I don't know why? Maybe the Propolice patch is catching something?
>
> Sounds to me Apache is crashing because you don't have enough
> RAM to run all those rules.
>

Okay. The system has 1GB memory. I did not know that mod_security takes that much memory for the rules.

> FYI, 1.9.3 uses less memory so you may be able to use that
> without crashing.
>

Will install 1.9.3 right now.

> Either way, you are killing the performance with such a large
> number of rules. Blacklisting, in particular, is much better
> done with an RBL-style protection.
>

How to implement RBL-style protection with mod_security?

> --
> Ivan Ristic, Technical Director
> Thinking Stone, http://www.thinkingstone.com
> ModSecurity: Open source Web Application Firewall
> Apache Security (O'Reilly): http://www.apachesecurity.net
>
From: Ivan R. <iv...@we...> - 2006-03-09 16:32:17
ste...@gm... wrote:
>
> > Sounds to me Apache is crashing because you don't have enough
> > RAM to run all those rules.
> >
> Okay. The system has 1GB memory. I did not know that mod_security takes
> that much memory for the rules.

In a way it does not really matter how efficient ModSecurity is - you can always kill it by using too many rules. Plus, it depends on the type of traffic. Large requests translate to using a lot of memory to process them. The number of concurrent requests also plays a role.

>> FYI, 1.9.3 uses less memory so you may be able to use that
>> without crashing.
>>
> Will install 1.9.3 right now.

BTW, it's still 1.9.3-rc1. Let us know how you fare.

>> Either way, you are killing the performance with such a large
>> number of rules. Blacklisting, in particular, is much better
>> done with an RBL-style protection.
>>
> How to implement RBL-style protection with mod_security?

I didn't necessarily mean to use ModSecurity for it. Incidentally, 2.0.0-dev1 supports it - see my earlier post or the documentation.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
Apache Security (O'Reilly): http://www.apachesecurity.net
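
How an RBL-style lookup works, as an added example that is not part of the thread and not ModSecurity code: the client IPv4 address is reversed, appended to a blacklist zone and resolved, so the list lives in DNS instead of in per-process rule memory. It assumes a client-IP blacklist; the zone name, its records and the `resolve` hook are constructed for illustration.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")  # DNSBL "listed" answers live here

def rbl_query_name(client_ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the blacklist zone."""
    addr = ipaddress.IPv4Address(client_ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def system_resolver(name):
    """Resolve with the OS resolver; None means NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(client_ip, zone, resolve=system_resolver):
    """True only when the zone answers with an address inside 127.0.0.0/8.

    No answer is treated as "not listed" (fail open). An answer outside
    127.0.0.0/8 is ignored as well, so a resolver that rewrites NXDOMAIN
    into a real address cannot make every client look blacklisted.
    """
    answer = resolve(rbl_query_name(client_ip, zone))
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in LISTED_RANGE

# Constructed zone data so the example runs offline (hypothetical names).
SAMPLE_ZONE = "rbl.example.invalid"
SAMPLE_RECORDS = {
    "7.113.0.203.rbl.example.invalid": "127.0.0.2",   # listed entry
    "20.100.51.198.rbl.example.invalid": "192.0.2.1", # rewritten NXDOMAIN
}

def sample_resolver(name):
    return SAMPLE_RECORDS.get(name)

def check_requests(ips):
    """Map each client IP to True (deny) or False (allow)."""
    return {ip: is_listed(ip, SAMPLE_ZONE, sample_resolver) for ip in ips}

if __name__ == "__main__":
    for ip, listed in check_requests(
        ["203.0.113.7", "198.51.100.20", "192.0.2.55"]
    ).items():
        print(ip, "deny" if listed else "allow")
```

Each request costs one cacheable DNS lookup regardless of how many entries the blacklist holds, which is the contrast with loading every entry as a separate rule.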