Thread: [mod-security-users] mod-security with IHS web server on linux machines (extremely slow)
Brought to you by:
victorhora,
zimmerletw
From: Abdallah B. <abd...@gm...> - 2014-05-01 16:14:00
|
Hello, I have IBM IHS (32 bit) installation on Linux server. I downloaded mod_security, compiled it successfully and start using the mod_security2.so file in my IHS server I loaded the library file ( so file) inside httpd.conf file. Once I load it, although I don't define any rule , opening apply application via this IHS will be extremely slow and it is taking more that 500 seconds to open one jsp file. while, If I comment the loading line /restart IHS server and test my jsp it is opening within milliseconds. file download from site :modsecurity-apache_2.7.7.tar.gz installation done using the following steps 1- alias gcc='gcc -32' export CFLAGS=-m32 $./configure --with-apxs=/HTTPServer/bin/apxs --with-apr=/HTTPServer/bin/apr-1-config --with-apu=/HTTPServer/bin/apu-1-config --with-libxml=/usr/local/libxml2_32/bin/xml2-config --with-pcre=/usr/bin/pcre-config --disable-mlogc CFLAGS=-m32 --prefix=/usr/local/modsec32_01may --enable-pcre-jit --enable-verbose-output $make $make test and as root #make install Kindly any help Thanks in advance |
From: Abdallah <abd...@gm...> - 2014-05-01 16:55:13
|
> Hello, > I have IBM IHS (32 bit) installation on Linux server. > > I downloaded mod_security, compiled it successfully and start using the mod_security2.so file in my IHS server > > I loaded the library file ( so file) inside httpd.conf file. Once I load it, although I don't define any rule , opening apply application via this IHS will be extremely slow and it is taking more that 500 seconds to open one jsp file. > > while, If I comment the loading line /restart IHS server and test my jsp it is opening within milliseconds. > > file download from site :modsecurity-apache_2.7.7.tar.gz > > > > installation done using the following steps > > 1- alias gcc='gcc -32' > export CFLAGS=-m32 > > $./configure --with-apxs=/HTTPServer/bin/apxs --with- apr=/HTTPServer/bin/apr-1-config --with-apu=/HTTPServer/bin/apu-1-config -- with-libxml=/usr/local/libxml2_32/bin/xml2-config --with-pcre=/usr/bin/pcre- config --disable-mlogc CFLAGS=-m32 --prefix=/usr/local/modsec32_01may -- enable-pcre-jit --enable-verbose-output > > > $make > > $make test > and as root > > #make install > > Kindly any help > > Thanks in advance |
From: Abdallah <abd...@gm...> - 2014-05-02 05:37:48
|
Abdallah Beydoun <abdullah.beydoun <at> gmail.com> writes: > > Hello, > I have IBM IHS (32 bit) installation on Linux server. > > I downloaded mod_security, compiled it successfully and start using the mod_security2.so file in my IHS server > > I loaded the library file ( so file) inside httpd.conf file. Once I load it, although I don't define any rule , opening apply application via this IHS will be extremely slow and it is taking more that 500 seconds to open one jsp file. > > while, If I comment the loading line /restart IHS server and test my jsp it is opening within milliseconds. > > file download from site :modsecurity-apache_2.7.7.tar.gz > > > > installation done using the following steps > > 1- alias gcc='gcc -32' > export CFLAGS=-m32 > > $./configure --with-apxs=/HTTPServer/bin/apxs --with- apr=/HTTPServer/bin/apr-1-config --with-apu=/HTTPServer/bin/apu-1-config -- with-libxml=/usr/local/libxml2_32/bin/xml2-config --with-pcre=/usr/bin/pcre- config --disable-mlogc CFLAGS=-m32 --prefix=/usr/local/modsec32_01may -- enable-pcre-jit --enable-verbose-output > > > $make > > $make test > and as root > > #make install > > Kindly any help > > Thanks in advance > Appreciate your reply/help as this issue is a showstopper for project Go- live. Thanks |
From: Felipe C. <FC...@tr...> - 2014-05-06 20:39:42
|
Hi Abdullah, Can you share your ModSecurity startup information? It should be in your error_log, something like this: [...] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) configured. [...] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8" [...] ModSecurity: PCRE compiled version="8.31 "; loaded version="8.31 2012-07-06" [...] ModSecurity: LUA compiled version="Lua 5.1" [...] ModSecurity: LIBXML compiled version="2.9.1" Did you tried to compile it without pcre-jit support? How is your cpu and memory load while performing this request? every request is slow? or just specific ones? Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On May 2, 2014, at 2:37 AM, Abdallah <abd...@gm...<mailto:abd...@gm...>> wrote: Abdallah Beydoun <abdullah.beydoun <at> gmail.com<http://gmail.com>> writes: Hello, I have IBM IHS (32 bit) installation on Linux server. I downloaded mod_security, compiled it successfully and start using the mod_security2.so file in my IHS server I loaded the library file ( so file) inside httpd.conf file. Once I load it, although I don't define any rule , opening apply application via this IHS will be extremely slow and it is taking more that 500 seconds to open one jsp file. while, If I comment the loading line /restart IHS server and test my jsp it is opening within milliseconds. file download from site :modsecurity-apache_2.7.7.tar.gz installation done using the following steps 1- alias gcc='gcc -32' export CFLAGS=-m32 $./configure --with-apxs=/HTTPServer/bin/apxs --with- apr=/HTTPServer/bin/apr-1-config --with-apu=/HTTPServer/bin/apu-1-config -- with-libxml=/usr/local/libxml2_32/bin/xml2-config --with-pcre=/usr/bin/pcre- config --disable-mlogc CFLAGS=-m32 --prefix=/usr/local/modsec32_01may -- enable-pcre-jit --enable-verbose-output $make $make test and as root #make install Kindly any help Thanks in advance Appreciate your reply/help as this issue is a showstopper for project Go- live. Thanks ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Abdallah <abd...@gm...> - 2014-05-07 10:55:23
|
Felipe Costa <FCosta <at> trustwave.com> writes: > > > Hi Abdullah, > > Can you share your ModSecurity startup information? It should be in your error_log, something like this: > > > [...] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) configured. > [...] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8" > [...] ModSecurity: PCRE compiled version="8.31 "; loaded version="8.31 2012-07-06" > [...] ModSecurity: LUA compiled version="Lua 5.1" > [...] ModSecurity: LIBXML compiled version="2.9.1" > > > Did you tried to compile it without pcre-jit support? How is your cpu and memory load while performing this request? every request is slow? or just specific ones? > > > Br., > > > Felipe "Zimmerle" Costa > > > Security Researcher, SpiderLabs > > > > > > Trustwave | SMART SECURITY ON DEMAND > > > www.trustwave.com > > > =========================== Dear, This is the output I'm getting from error_log file : [Tue May 06 19:18:30 2014] [notice] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) configured. [Tue May 06 19:18:30 2014] [notice] ModSecurity: APR compiled version="1.2.12"; loaded version="1.2.12" [Tue May 06 19:18:30 2014] [notice] ModSecurity: PCRE compiled version="8.34 "; loaded version="5.0 13-Sep-2004" [Tue May 06 19:18:30 2014] [warn] ModSecurity: Loaded PCRE do not match with compiled! [Tue May 06 19:18:30 2014] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Tue May 06 19:18:31 2014] [notice] WebSphere Plugins loaded. [Tue May 06 19:18:31 2014] [notice] Bld version: 7.0.0 [Tue May 06 19:18:31 2014] [notice] Bld date: Dec 4 2013, 22:56:49 [Tue May 06 19:18:31 2014] [notice] Webserver: IBM_HTTP_Server [Tue May 06 19:18:31 2014] [notice] Using config file /HTTPServer/conf/httpd.conf with -D`\x8d\xcf\bEC_2\x80\x1b\x07\b+\xcd\t\b - DMODSEC_2.5 -DMODSEC_2.7 [Tue May 06 19:18:31 2014] [notice] IBM_HTTP_Server/7.0.0.31 (Unix) configured -- resuming normal operations [Tue May 06 19:18:31 2014] [notice] Core file limit is 0; core dumps will be not be written for server crashes Also I tried to compile it without pcre-jit and I faced same behavior. Regarding CPU and memory , it is very normal as I'm the only one working on the server and trying to open the application. Yes we are facing the slowness with every request. Regards Abdallah Beydoun ====================== > > > On May 2, 2014, at 2:37 AM, Abdallah <abdullah.beydoun <at> gmail.com> wrote: > Abdallah Beydoun <abdullah.beydoun <at> > gmail.com> writes: > > Hello, > I have IBM IHS (32 bit) installation on Linux server. > I downloaded mod_security, compiled it successfully and start using the > > mod_security2.so file in my IHS server > > I loaded the library file ( so file) inside httpd.conf file. Once I load > > it, although I don't define any rule , opening apply application via this > IHS will be extremely slow and it is taking more that 500 seconds to open > one jsp file. > > while, If I comment the loading line /restart IHS server and test my jsp > > it is opening within milliseconds. > > file download from site :modsecurity-apache_2.7.7.tar.gz > installation done using the following steps > 1- alias gcc='gcc -32' > export CFLAGS=-m32 > $./configure --with-apxs=/HTTPServer/bin/apxs --with- > > apr=/HTTPServer/bin/apr-1-config --with-apu=/HTTPServer/bin/apu-1-config - - > with-libxml=/usr/local/libxml2_32/bin/xml2-config --with- pcre=/usr/bin/pcre- > config --disable-mlogc CFLAGS=-m32 --prefix=/usr/local/modsec32_01may -- > enable-pcre-jit --enable-verbose-output > > $make > $make test > and as root > #make install > Kindly any help > Thanks in advance > > > Appreciate your reply/help as this issue is a showstopper for project Go- > live. > Thanks > -------------------------------------------------------------------------- ---- > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. Get > unparalleled scalability from the best Selenium testing platform available. > Simple to use. Nothing to install. Get started now for free."http://p.sf.net/sfu/SauceLabs > _______________________________________________ > mod-security-users mailing list > mod-security-users <at> lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > > > > > This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information > contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. > > > -------------------------------------------------------------------------- ---- > Is your legacy SCM system holding you back? Join Perforce May 7 to find out: > • 3 signs your SCM is hindering your productivity > • Requirements for releasing software faster > • Expert tips and advice for migrating your SCM now > http://p.sf.net/sfu/perforce > > _______________________________________________ > mod-security-users mailing list > mod-security-users <at> lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > |
From: Ryan B. <RBa...@tr...> - 2014-05-07 16:21:45
|
On 5/7/14 6:55 AM, "Abdallah" <abd...@gm...> wrote: > > >Felipe Costa <FCosta <at> trustwave.com> writes: > >> >> >> Hi Abdullah, >> >> Can you share your ModSecurity startup information? It should be in >>your >error_log, something like this: >> >> >> [...] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) >configured. >> [...] ModSecurity: APR compiled version="1.4.8"; loaded version="1.4.8" >> [...] ModSecurity: PCRE compiled version="8.31 "; loaded version="8.31 >2012-07-06" >> [...] ModSecurity: LUA compiled version="Lua 5.1" >> [...] ModSecurity: LIBXML compiled version="2.9.1" >> >> >> Did you tried to compile it without pcre-jit support? How is your cpu >>and >memory load while performing this request? every request is slow? or just >specific ones? >> >> >> Br., >> >> >> Felipe "Zimmerle" Costa >> >> >> Security Researcher, SpiderLabs >> >> >> >> >> >> Trustwave | SMART SECURITY ON DEMAND >> >> >> www.trustwave.com >> >> >> =========================== >Dear, > >This is the output I'm getting from error_log file : > >[Tue May 06 19:18:30 2014] [notice] ModSecurity for Apache/2.7.7 >(http://www.modsecurity.org/) configured. >[Tue May 06 19:18:30 2014] [notice] ModSecurity: APR compiled >version="1.2.12"; loaded version="1.2.12" >[Tue May 06 19:18:30 2014] [notice] ModSecurity: PCRE compiled >version="8.34 >"; loaded version="5.0 13-Sep-2004" >[Tue May 06 19:18:30 2014] [warn] ModSecurity: Loaded PCRE do not match >with >compiled! You have a PCRE lib mismatch between ModSecurity and Apache. Make sure to compile against the same libs. -Ryan ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Abdallah <abd...@gm...> - 2014-05-08 07:59:54
|
Ryan Barnett <RBarnett <at> trustwave.com> writes: > >> =========================== > >Dear, > > > >This is the output I'm getting from error_log file : > > > >[Tue May 06 19:18:30 2014] [notice] ModSecurity for Apache/2.7.7 > >(http://www.modsecurity.org/) configured. > >[Tue May 06 19:18:30 2014] [notice] ModSecurity: APR compiled > >version="1.2.12"; loaded version="1.2.12" > >[Tue May 06 19:18:30 2014] [notice] ModSecurity: PCRE compiled > >version="8.34 > >"; loaded version="5.0 13-Sep-2004" > >[Tue May 06 19:18:30 2014] [warn] ModSecurity: Loaded PCRE do not match > >with > >compiled! > > You have a PCRE lib mismatch between ModSecurity and Apache. Make sure to > compile against the same libs. > > -Ryan > Abdallah wrote: Dear Ryan, How I can know the PCRE used by IBM IHS in order to compile using it. Actually I tried to compile without mentioning the existing PCRE installed on the server but I failed to compile mod_security without it. In IBM IHS there is no PCRE library , although your documents is saying Apache must has its own PCRE library. Please tell me where I can find the PCRE lib used by IBM IHS installation. Thanks & Regards |
From: Reindl H. <h.r...@th...> - 2014-05-08 09:22:20
Attachments:
signature.asc
|
Am 08.05.2014 09:59, schrieb Abdallah: > Ryan Barnett <RBarnett <at> trustwave.com> writes: >> You have a PCRE lib mismatch between ModSecurity and Apache. Make sure to >> compile against the same libs. > > How I can know the PCRE used by IBM IHS in order to compile using it. > > Actually I tried to compile without mentioning the existing PCRE installed > on the server but I failed to compile mod_security without it. > > In IBM IHS there is no PCRE library , although your documents is saying > Apache must has its own PCRE library. > > Please tell me where I can find the PCRE lib used by IBM IHS installation you need to consult somebody using "IBM IHS" normally it looks that way: * you have pcre-devel libraries on your build-environment * you build apache which links to that libraries * you build mod_security against the install httpd-devel * mod_security links against the same pcre-devel so the main question is why is your system wrecked having different pcre-versions , normally there is *one* shared by any package / software [root@buildserver:~]$ rpm -qa | grep pcre pcre-8.32-8.fc19.x86_64 pcre-devel-8.32-8.fc19.x86_64 |
From: Abdallah <abd...@gm...> - 2014-06-21 05:12:54
|
Abdallah <abdullah.beydoun <at> gmail.com> writes: Hello, Any news? Any troubleshooting plan? Thanks Abdallah |
From: Reindl H. <h.r...@th...> - 2014-06-21 08:38:18
Attachments:
signature.asc
|
Am 21.06.2014 07:12, schrieb Abdallah: > Hello, > Any news? > > Any troubleshooting plan? have you considered that nobody but you is using IHS? fankly i did never hear about it until 2 people here comaplained about troubles in context of modsec why don't you just use Apache? |
From: Abdallah <abd...@gm...> - 2014-07-10 06:12:35
|
Hello, I hope I could use Apache, mod_security is built-in with ORACLE SOA Apache server. The customer is IBM, and they own IHS so they will never use Apache. I'm obligated to use IHS. any help? I need to know why just defining the mod_security library inside httpd.conf without even activating any rule all requests become extremely slow. Thanks Abdsallah |
From: Abdallah <abd...@gm...> - 2014-08-06 06:26:55
|
Abdallah <abdullah.beydoun <at> gmail.com> writes: Dear, Any news, any help. we are not able to close the security assessment for the project. Thanks Abdallah |
From: Abdallah <abd...@gm...> - 2014-05-06 19:54:54
|
Hello, I have IBM IHS (32 bit) installation on Linux server. I downloaded mod_security, compiled it successfully and start using the mod_security2.so file in my IHS server I loaded the library file ( so file) inside httpd.conf file. Once I load it, although I don't define any rule , opening apply application via this IHS will be extremely slow and it is taking more that 500 seconds to open one jsp file. while, If I comment the loading line /restart IHS server and test my jsp it is opening within milliseconds. file download from site :modsecurity-apache_2.7.7.tar.gz installation done using the following steps 1- alias gcc='gcc -32' export CFLAGS=-m32 $./configure --with-apxs=/HTTPServer/bin/apxs --with- apr=/HTTPServer/bin/apr-1-config --with-apu=/HTTPServer/bin/apu-1-config -- with-libxml=/usr/local/libxml2_32/bin/xml2-config --with- pcre=/usr/bin/pcre-config --disable-mlogc CFLAGS=-m32 -- prefix=/usr/local/modsec32_01may -- enable-pcre-jit --enable-verbose-output $make $make test and as root #make install Kindly any help Thanks in advance Appreciate your reply/help as this issue is a showstopper for project Go- live. Thanks Dear, Any updates, Any troubleshooting plan? |
From: Abdallah <abd...@gm...> - 2014-05-08 10:43:04
|
Reindl Harald <h.reindl <at> thelounge.net> writes: > > > Am 08.05.2014 09:59, schrieb Abdallah: > > Ryan Barnett <RBarnett <at> trustwave.com> writes: > >> You have a PCRE lib mismatch between ModSecurity and Apache. Make sure to > >> compile against the same libs. > > > > How I can know the PCRE used by IBM IHS in order to compile using it. > > > > Actually I tried to compile without mentioning the existing PCRE installed > > on the server but I failed to compile mod_security without it. > > > > In IBM IHS there is no PCRE library , although your documents is saying > > Apache must has its own PCRE library. > > > > Please tell me where I can find the PCRE lib used by IBM IHS installation > > you need to consult somebody using "IBM IHS" > > normally it looks that way: > > * you have pcre-devel libraries on your build-environment > * you build apache which links to that libraries > * you build mod_security against the install httpd-devel > * mod_security links against the same pcre-devel > > so the main question is why is your system wrecked > having different pcre-versions , normally there is > *one* shared by any package / software > > [root <at> buildserver:~]$ rpm -qa | grep pcre > pcre-8.32-8.fc19.x86_64 > pcre-devel-8.32-8.fc19.x86_64 > > ==== Abdallah wrote: Actually the IBM IHS not compiled on this machine , IBM installed already compiled IHS version . Now we downloaded the PCRE 5.0 from pcre.org (we choose this since it is the version loaded by IHS) 1- we compiled PCRE 5.0 2- compiled mod_security using this PCRE 5.0 now we are not getting any warning in error.log [Thu May 08 16:20:59 2014] [notice] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) configured. [Thu May 08 16:20:59 2014] [notice] ModSecurity: APR compiled version="1.2.12"; loaded version="1.2.12" [Thu May 08 16:20:59 2014] [notice] ModSecurity: PCRE compiled version="5.0 "; loaded version="5.0 13-Sep-2004" [Thu May 08 16:20:59 2014] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Thu May 08 16:21:00 2014] [notice] WebSphere Plugins loaded. [Thu May 08 16:21:00 2014] [notice] Bld version: 7.0.0 [Thu May 08 16:21:00 2014] [notice] Bld date: Dec 4 2013, 22:56:49 [Thu May 08 16:21:00 2014] [notice] Webserver: IBM_HTTP_Server [Thu May 08 16:21:00 2014] [notice] Using config file /HTTPServer/conf/httpd.conf with -Dx\r\xd3\bEC_2\x80\x1b\x07\b+\xcd\t\b - DMODSEC_2.5 -DMODSEC_2.7 [Thu May 08 16:21:00 2014] [notice] IBM_HTTP_Server/7.0.0.31 (Unix) configured -- resuming normal operations [Thu May 08 16:21:00 2014] [notice] Core file limit is 0; core dumps will be not be written for server crashes [Thu May 08 16:31:03 2014] [notice] mpmstats: rdy 48 bsy 2 rd 0 wr 0 ka 1 log 0 dns 0 cls 1 [Thu May 08 16:31:03 2014] [notice] mpmstats: bsy: 1 in mod_security2.c [Thu May 08 16:33:32 2014] [error] [client 10.234.200.173] File does not exist: /HTTPServer/htdocs/favicon.ico But, we still calling any request is extremely slow Please advise Thanks |
From: Ryan B. <RBa...@tr...> - 2014-05-09 14:32:15
|
What were your compilation/configure flags? Ryan Barnett Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> On 5/8/14 6:42 AM, "Abdallah" <abd...@gm...> wrote: >Reindl Harald <h.reindl <at> thelounge.net> writes: > >> >> >> Am 08.05.2014 09:59, schrieb Abdallah: >> > Ryan Barnett <RBarnett <at> trustwave.com> writes: >> >> You have a PCRE lib mismatch between ModSecurity and Apache. Make >>sure >to >> >> compile against the same libs. >> > >> > How I can know the PCRE used by IBM IHS in order to compile using it. >> > >> > Actually I tried to compile without mentioning the existing PCRE >installed >> > on the server but I failed to compile mod_security without it. >> > >> > In IBM IHS there is no PCRE library , although your documents is >>saying >> > Apache must has its own PCRE library. >> > >> > Please tell me where I can find the PCRE lib used by IBM IHS >installation >> >> you need to consult somebody using "IBM IHS" >> >> normally it looks that way: >> >> * you have pcre-devel libraries on your build-environment >> * you build apache which links to that libraries >> * you build mod_security against the install httpd-devel >> * mod_security links against the same pcre-devel >> >> so the main question is why is your system wrecked >> having different pcre-versions , normally there is >> *one* shared by any package / software >> >> [root <at> buildserver:~]$ rpm -qa | grep pcre >> pcre-8.32-8.fc19.x86_64 >> pcre-devel-8.32-8.fc19.x86_64 >> >> >==== >Abdallah wrote: > >Actually the IBM IHS not compiled on this machine , IBM installed already >compiled IHS version . Now we downloaded the PCRE 5.0 from pcre.org (we >choose this since it is the version loaded by IHS) > >1- we compiled PCRE 5.0 >2- compiled mod_security using this PCRE 5.0 > >now we are not getting any warning in error.log > >[Thu May 08 16:20:59 2014] [notice] ModSecurity for Apache/2.7.7 >(http://www.modsecurity.org/) configured. >[Thu May 08 16:20:59 2014] [notice] ModSecurity: APR compiled >version="1.2.12"; loaded version="1.2.12" >[Thu May 08 16:20:59 2014] [notice] ModSecurity: PCRE compiled >version="5.0 >"; loaded version="5.0 13-Sep-2004" >[Thu May 08 16:20:59 2014] [notice] ModSecurity: LIBXML compiled >version="2.7.8" >[Thu May 08 16:21:00 2014] [notice] WebSphere Plugins loaded. >[Thu May 08 16:21:00 2014] [notice] Bld version: 7.0.0 >[Thu May 08 16:21:00 2014] [notice] Bld date: Dec 4 2013, 22:56:49 >[Thu May 08 16:21:00 2014] [notice] Webserver: IBM_HTTP_Server >[Thu May 08 16:21:00 2014] [notice] Using config file >/HTTPServer/conf/httpd.conf with -Dx\r\xd3\bEC_2\x80\x1b\x07\b+\xcd\t\b - >DMODSEC_2.5 -DMODSEC_2.7 >[Thu May 08 16:21:00 2014] [notice] IBM_HTTP_Server/7.0.0.31 (Unix) >configured -- resuming normal operations >[Thu May 08 16:21:00 2014] [notice] Core file limit is 0; core dumps will >be >not be written for server crashes >[Thu May 08 16:31:03 2014] [notice] mpmstats: rdy 48 bsy 2 rd 0 wr 0 ka 1 >log 0 dns 0 cls 1 >[Thu May 08 16:31:03 2014] [notice] mpmstats: bsy: 1 in mod_security2.c >[Thu May 08 16:33:32 2014] [error] [client 10.234.200.173] File does not >exist: /HTTPServer/htdocs/favicon.ico > > >But, we still calling any request is extremely slow > >Please advise >Thanks > > > > >-------------------------------------------------------------------------- >---- >Is your legacy SCM system holding you back? Join Perforce May 7 to find >out: >• 3 signs your SCM is hindering your productivity >• Requirements for releasing software faster >• Expert tips and advice for migrating your SCM now >http://p.sf.net/sfu/perforce >_______________________________________________ >mod-security-users mailing list >mod...@li... >https://lists.sourceforge.net/lists/listinfo/mod-security-users >Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >http://www.modsecurity.org/projects/commercial/rules/ >http://www.modsecurity.org/projects/commercial/support/ > ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Abdallah <abd...@gm...> - 2014-05-10 07:53:29
|
Abdallah wrote: 10-may-2014 For PCRE alias gcc='gcc -m32' export CFLAGS=-m32 ./configure --prefix=/usr/local/pcre5.0_32 CFLAGS=-m32 make make test sudo make install For mod_security: alias gcc='gcc -m32' export CFLAGS=-m32 ./configure --with-apxs=/HTTPServer/bin/apxs --with-apr=/HTTPServer/bin/apr- 1-config --with-apu=/HTTPServer/bin/apu-1-config --with- libxml=/usr/local/libxml2_32/bin/xml2-config --with- pcre=/usr/local/pcre5.0_32/bin/pcre-config --disable-mlogc CFLAGS=-m32 -- prefix=/usr/local/modsec32_08may --enable-verbose-output make make test sudo make install Regards Abdallah |
From: Felipe C. <FC...@tr...> - 2014-05-12 12:31:04
|
Hi Abdallah, The intention of pcre version verification is to make sure that, both, ModSecurity and Apache are running the same library. The version is a strong indication of that, however, the compilation of those could be made with different compilations flags, or patches. Our recommendation is to really use the same library. You have said that: once you loads ModSecurity your Apache started to answer slowly to your requests, have you used the modsecurity.conf-recommended configuration file? Enabled/Disabled ModSecurity using this configuration? Does it make any difference? During the compilation i've saw that you have used make test, is it "pass" in all tests? how long it takes? There is something else, in your Apache log that may indicates something about the problem? What about ModSecurity debug log? can you enable it and share with us? Can you give more details on your Apache version and other apache modules that you are running? (httpd -V and https -l) Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On May 10, 2014, at 4:53 AM, Abdallah <abd...@gm...<mailto:abd...@gm...>> wrote: Abdallah wrote: 10-may-2014 For PCRE alias gcc='gcc -m32' export CFLAGS=-m32 ./configure --prefix=/usr/local/pcre5.0_32 CFLAGS=-m32 make make test sudo make install For mod_security: alias gcc='gcc -m32' export CFLAGS=-m32 ./configure --with-apxs=/HTTPServer/bin/apxs --with-apr=/HTTPServer/bin/apr- 1-config --with-apu=/HTTPServer/bin/apu-1-config --with- libxml=/usr/local/libxml2_32/bin/xml2-config --with- pcre=/usr/local/pcre5.0_32/bin/pcre-config --disable-mlogc CFLAGS=-m32 -- prefix=/usr/local/modsec32_08may --enable-verbose-output make make test sudo make install Regards Abdallah ------------------------------------------------------------------------------ Is your legacy SCM system holding you back? Join Perforce May 7 to find out: • 3 signs your SCM is hindering your productivity • Requirements for releasing software faster • Expert tips and advice for migrating your SCM now http://p.sf.net/sfu/perforce _______________________________________________ mod-security-users mailing list mod...@li... https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Abdallah <abd...@gm...> - 2014-05-29 13:00:46
|
Dear Felipe Sorry for my late reply === I used modsecurity.conf-recommended configuration file and still same behavoir tail -f acccess.log 10.201.22.236 - - [29/May/2014:17:26:49 +0600] "GET /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 7723 10.201.22.236 - - [29/May/2014:17:26:50 +0600] "GET /TPF/faces/a4j.res/org.ajax4jsf.framework.ajax.AjaxScript HTTP/1.1" 200 35549 10.201.22.236 - - [29/May/2014:17:27:21 +0600] "GET /favicon.ico HTTP/1.1" 404 291 10.201.22.236 - - [29/May/2014:17:27:30 +0600] "GET /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 7723 10.201.22.236 - - [29/May/2014:17:29:25 +0600] "POST /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 6307 10.201.22.236 - - [29/May/2014:17:29:32 +0600] "GET /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 7723 10.201.22.236 - - [29/May/2014:17:32:32 +0600] "POST /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 6307 10.201.22.236 - - [29/May/2014:17:29:25 +0600] "POST /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 198 10.201.22.236 - - [29/May/2014:17:32:32 +0600] "POST /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 198 10.201.22.236 - - [29/May/2014:17:29:25 +0600] "GET /favicon.ico HTTP/1.1" 404 291 10.201.22.236 - - [29/May/2014:17:36:41 +0600] "GET /TPF/faces/pages/security/dashboard.jsp HTTP/1.1" 200 37073 10.201.22.236 - - [29/May/2014:17:40:50 +0600] "GET /TPF/faces//ugm/TABS_Platform.css HTTP/1.1" 404 4609 10.201.22.236 - - [29/May/2014:17:40:49 +0600] "GET /TPF/faces/css/seed/mode.css HTTP/1.1" 200 42609 10.201.22.236 - - [29/May/2014:17:27:20 +0600] "POST /TPF/faces/pages/security/predashboard.jsp HTTP/1.1" 200 198 10.201.22.236 - - [29/May/2014:17:40:49 +0600] "GET /TPF/faces/css/ugm/TABS_Platform.css HTTP/1.1" 200 30725 tail -f error.log [Thu May 29 17:19:04 2014] [notice] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) configured. [Thu May 29 17:19:04 2014] [notice] ModSecurity: APR compiled version="1.2.12"; loaded version="1.2.12" [Thu May 29 17:19:04 2014] [notice] ModSecurity: PCRE compiled version="5.0 "; loaded version="5.0 13-Sep-2004" [Thu May 29 17:19:04 2014] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Thu May 29 17:19:05 2014] [notice] WebSphere Plugins loaded. [Thu May 29 17:19:05 2014] [notice] Bld version: 7.0.0 [Thu May 29 17:19:05 2014] [notice] Bld date: Dec 4 2013, 22:56:49 [Thu May 29 17:19:05 2014] [notice] Webserver: IBM_HTTP_Server [Thu May 29 17:19:05 2014] [notice] Using config file /HTTPServer/conf/httpd.conf with -DN -DMODSEC_2.7 -DMODSEC_2.5 -DMODSEC_2.7 [Thu May 29 17:19:05 2014] [notice] IBM_HTTP_Server/7.0.0.31 (Unix) configured -- resuming normal operations [Thu May 29 17:19:05 2014] [notice] Core file limit is 0; core dumps will be not be written for server crashes [Thu May 29 17:29:08 2014] [notice] mpmstats: rdy 46 bsy 4 rd 1 wr 2 ka 1 log 0 dns 0 cls 0 [Thu May 29 17:29:08 2014] [notice] mpmstats: bsy: 2 in mod_security2.c [Thu May 29 17:29:12 2014] [error] [client 10.201.22.236] File does not exist: /HTTPServer/htdocs/favicon.ico [Thu May 29 17:39:08 2014] [notice] mpmstats: rdy 46 bsy 4 rd 1 wr 2 ka 1 log 0 dns 0 cls 0 [Thu May 29 17:39:08 2014] [notice] mpmstats: bsy: 2 in mod_security2.c [Thu May 29 17:40:38 2014] [error] [client 10.201.22.236] File does not exist: /HTTPServer/htdocs/favicon.ico [Thu May 29 17:49:09 2014] [notice] mpmstats: rdy 47 bsy 3 rd 1 wr 1 ka 1 log 0 dns 0 cls 0 [Thu May 29 17:49:09 2014] [notice] mpmstats: bsy: 2 in mod_security2.c Even I enabled the debug log but nothing written in debug.log file This is what I added at the end of httpd.conf file LoadFile /usr/local/libxml2_32/lib/libxml2.so LoadModule security2_module modules/mod_security2.so #<IfModule mod_security2.c> <IfModule security2_module> Include /HTTPServer/conf/modsecurity.conf </IfModule> # where /HTTPServer/conf/modsecurity.conf is the modsecurity.conf-recommended I got from the modsecurity source ================= make test didn't take too much time and all tests passed without any error =========================== [tabsweb1@CDHKTABSAPZT04.bd.airtel.com]:/HTTPServer/bin$./httpd -V Server version: IBM_HTTP_Server/7.0.0.31 (Unix) Apache version: 2.2.8 (with additional fixes) Server built: Sep 10 2013 10:57:48 Build level: IHS70/webIHS1336.01 Server's Module Magic Number: 20051115:21 Server loaded: APR 1.2.12, APR-Util 1.2.12 Compiled using: APR 1.2.12, APR-Util 1.2.12 Architecture: 32-bit Server MPM: Worker threaded: yes (fixed thread count) forked: yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/worker" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/opt/IBMIHS" -D SUEXEC_BIN="/opt/IBMIHS/bin/suexec" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" Apache vulnerability fixes included: CVE-2005-3352 CVE-2005-3357 CVE-2006-3918 CVE-2006-3747 CVE-2007-4465 CVE-2007-1862 CVE-2006-5752 CVE-2007-3304 CVE-2007-1863 CVE-2007-3847 CVE-2008-0005 CVE-2007-5000 CVE-2007-6388 CVE-2007-6422 CVE-2007-6421 CVE-2006-7225 CVE-2007-6420 CVE-2008-2364 CVE-2008-2939 CVE-2009-1195 CVE-2009-1955 CVE-2009-0023 CVE-2009-1956 CVE-2009-1890 CVE-2009-1891 CVE-2009-2412 CVE-2009-1191 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 CVE-2010-0408 CVE-2010-0434 CVE-2010-1452 CVE-2010-1623 CVE-2009-3560 CVE-2009-3720 CVE-2011-0419 CVE-2011-1928 CVE-2011-3192 CVE-2011-3348 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 CVE-2011-3607 CVE-2012-0717 CVE-2012-0031 CVE-2012-0053 CVE-2012-0883 CVE-2012-2190 CVE-2012-2191 CVE-2012-2687 CVE-2012-4558 CVE-2012-3499 CVE-2012-4557 CVE-2013-0169 CVE-2013-1862 CVE-2013-1896 ========================== [tabsweb1@CDHKTABSAPZT04.bd.airtel.com]:/HTTPServer/bin$./httpd -l Compiled in modules: core.c worker.c http_core.c mod_suexec.c mod_so.c ================================ Please Advise Thanks & Regards Abdallah Beydoun |
From: Abdallah <abd...@gm...> - 2014-06-07 15:59:45
|
Dear, Any news ? Thanks & Regards |
From: Abdallah <abd...@gm...> - 2014-06-10 08:13:54
|
Dear, Any news, Any steps we can apply? Thanks Abdallah |
From: Felipe C. <FC...@tr...> - 2014-06-10 12:48:04
|
Hi Abdallah, Did you had a chance to use the same libpcre that your Apache is using? Or you still using your custom one that matches the versions? What about the make test, how long it takes? is it falling in any test? Br., Felipe "Zimmerle" Costa Security Researcher, SpiderLabs m: +55 81 8706.5547 Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> On Jun 10, 2014, at 5:13 AM, Abdallah <abd...@gm...<mailto:abd...@gm...>> wrote: Dear, Any news, Any steps we can apply? Thanks Abdallah ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://scanmail.trustwave.com/?c=4062&d=kb-W0260j__mOeEplaA_qYjur91oD2AHFPrJ8B9Yfg&s=5&u=http%3a%2f%2fp%2esf%2enet%2fsfu%2fhpccsystems _______________________________________________ mod-security-users mailing list mod...@li... http://scanmail.trustwave.com/?c=4062&d=kb-W0260j__mOeEplaA_qYjur91oD2AHFKrM8xsJeA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://scanmail.trustwave.com/?c=4062&d=kb-W0260j__mOeEplaA_qYjur91oD2AHFPiep0JdfA&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial%2frules%2f http://scanmail.trustwave.com/?c=4062&d=kb-W0260j__mOeEplaA_qYjur91oD2AHFPma9U4JKQ&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial%2fsupport%2f ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
From: Abdallah <abd...@gm...> - 2014-06-11 07:52:45
|
Hi Felipe, I used the PCRE source downloaded from site and match my apache version, I compiled it and used it for mod_security compilation. I couldn't get the one used by IHS Regarding make test it didn't take time and finished without any error , no failing test. Kindly advise Regards |