Curtis,

Are you using some custom ruleset ? or using only CRS ?
Maybe i can copy your configuration/ruleset and try to reproduce, for better investigation

Thanks

Breno

On Wed, Feb 13, 2013 at 12:05 AM, Rainer Jung <rainer.jung@kippdata.de> wrote:
On 12.02.2013 22:26, Curtis Wood wrote:
> Hi All,
>
> We seem to have found a potential issue with mod security - we are using
> cPanel along with Apache 2.2.23/mod_security 2.7.1. We noticed a strange
> issue with Apache last year where it would be getting caught in an
> internal loop with the apr_pool_cleanup routines - essentially trying to
> clear the same pool over and over. Initially it was thought to only be
> with this customers particular website/setup - although recently we saw
> the same issues on our production servers and have verified it is same
> issue.
>
> We have disabled modsec2 fleet wide (2500+ servers) and the problem has
> ceased to exist at this time. Unfortunately we have no idea what
> triggers this, if it's a particular URL being accessed or what.

Pool cleanup loops typically indicate a corruption in the pool data
structures due to unsynchronized pool use by multiple threads. APR pools
are not thread-safe.

Regards,

Rainer


------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
mod-security-developers mailing list
mod-security-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php