Are you getting a crash ? If so...
Please get me a backtrace from the core dump.
Basically do this in httpd.conf:
Make sure there is a core dump area with something like:
Make sure limits are set to dump core:
ulimit -c unlimited
Restart apache and trigger the error. A core file should be in the directory
Then use gdb to get a backtrace:
gdb /path/to/httpd /path/to/core --batch --quiet \
-ex "thread apply all bt full" > backtrace.log
send me the output *privately* making sure there is no sensitive data in it first.
After days of frustration, Im reaching out J
Because of the addition of decodeBase64Ext, I obviously needed to update modsecurity. But once I updated from 2.5.11 to .13, httpd no longer completes startup, and eventually chews 100% of the CPU, and needs to be cancelled.
I am running
Httpd 2.2.17 (Have tried 2.2.15) (I have tried compiling this with external pcre with no luck)
Through a process of trial and much error I am also running these (although they didn’t change the behaviour at all)
Modsec 2.5.11 runs perfectly, even recompiling it in the updated environment it works fine.
I tried modsec 2.5.12 and it has the same issues. I have also tried compiling modsec with the pcre that comes with httpd with no change.
I have googled around a heap and found a number of similar issues, but unfortunately with no fix.
Running httpd with debugging enabled doesn’t give me anything useful
[root@dev /usr/local/src/modsecurity-apache_2.5.13/apache2]# /usr/local/apache/bin/apachectl -e debug
[Tue Mar 22 05:40:55 2011] [debug] mod_so.c(246): loaded module php5_module
[Tue Mar 22 05:40:55 2011] [debug] mod_so.c(246): loaded module security2_module
This is what lead me to change pcre, but hey, im not exactly sure how to use gdb
[root@dev /usr/local/src]# gdb -p 52455 /usr/local/apache/bin/httpd
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Attaching to program: /usr/local/apache/bin/httpd, process 52455
Reading symbols from /lib/libz.so.5...done.
Loaded symbols for /lib/libz.so.5
Reading symbols from /usr/lib/libssl.so.6...done.
Loaded symbols for /usr/lib/libssl.so.6
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /usr/local/apache/lib/libaprutil-1.so.3...done.
Loaded symbols for /usr/local/apache/lib/libaprutil-1.so.3
Reading symbols from /usr/local/lib/libexpat.so.6...done.
Loaded symbols for /usr/local/lib/libexpat.so.6
Reading symbols from /usr/local/apache/lib/libapr-1.so.4...done.
Loaded symbols for /usr/local/apache/lib/libapr-1.so.4
Reading symbols from /lib/libcrypt.so.5...done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /lib/libthr.so.3...done.
[New Thread 8015021c0 (LWP 100466)]
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/apache/modules/libphp5.so...done.
Loaded symbols for /usr/local/apache/modules/libphp5.so
Reading symbols from /usr/local/lib/libmcrypt.so.8...done.
Loaded symbols for /usr/local/lib/libmcrypt.so.8
Reading symbols from /usr/local/lib/libltdl.so.7...done.
Loaded symbols for /usr/local/lib/libltdl.so.7
Reading symbols from /usr/local/lib/libintl.so.8...done.
Loaded symbols for /usr/local/lib/libintl.so.8
Reading symbols from /usr/local/lib/libpng.so.6...done.
Loaded symbols for /usr/local/lib/libpng.so.6
Reading symbols from /usr/local/lib/libjpeg.so.11...done.
Loaded symbols for /usr/local/lib/libjpeg.so.11
Reading symbols from /usr/local/lib/libcurl.so.6...done.
Loaded symbols for /usr/local/lib/libcurl.so.6
Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.16...done.
Loaded symbols for /usr/local/lib/mysql/libmysqlclient.so.16
Reading symbols from /usr/local/lib/libxml2.so.5...done.
Loaded symbols for /usr/local/lib/libxml2.so.5
Reading symbols from /usr/local/lib/libiconv.so.3...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /usr/local/apache/modules/mod_security2.so...done.
Loaded symbols for /usr/local/apache/modules/mod_security2.so
Reading symbols from /usr/local/lib/libpcre.so.0...done.
Loaded symbols for /usr/local/lib/libpcre.so.0
Reading symbols from /usr/local/lib/liblua-5.1.so.1...done.
Loaded symbols for /usr/local/lib/liblua-5.1.so.1
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
[Switching to Thread 8015021c0 (LWP 100466)]
0x0000000802c5a729 in find_minlength () from /usr/local/lib/libpcre.so.0
It seems to me that something fundamental has changed in 2.5.12+ that is making it difficult for FreeBSD somehow…
Any help would be greatly appreciated!
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
mod-security-users mailing list
ModSecurity Services from Trustave's SpiderLabs: