We have a lot of users running Apache worker and prefork. However to be honest i don't remember anyone that contact me using event. So, as i never saw a report about this issue using worker and prefork... you can try both and send us a feedback.



On Wed, Feb 13, 2013 at 10:14 PM, Rainer Jung <rainer.jung@kippdata.de> wrote:
On 13.02.2013 19:21, Curtis Wood wrote:
> Hi Guys,
> Yes, mpm-event is experimental - and now with everything coming to
> light, that may be the whole problem along with the apr not being thread
> safe it sounds like?

The event MPM itself should not be the problem. The APR libraries were
originally developed as a basis for Apache 2 and many of the Apache devs
are also APR devs.

But the threaded nature of the Apache processes when using the event or
worker MPMs means that all modules must be programmed thread-safe too.
Most of the popular ones are though.

> After talking it over some we may just go with the prefork.

If that is an option for you, chances are good the problem vanishes.

> On the actual system - sry about that :-P We are on Linux X86_64, CentOS
> 5.9 - On the extra modules, we have ssl,fcgi,passenger,bw_limited and qos

Ah, lots of 3rd party. You could try to update to latest versions of
those. I don't have an indication, that those have a problem though.

> On when it happens - it can be at any time, originally when this came to
> light on a single site VPS, you could randomly click links to trigger it
> after a few minutes - while, clicking the same link twice would not
> guarantee anything. On the main servers which get a lot more traffic, it
> can be anywhere from hours to days.



Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
mod-security-developers mailing list
ModSecurity Services from Trustwave's SpiderLabs: