Hi all,

We're experiencing something odd with modsecurity.

We added modsecurity 2.7.2 to an Apache 2.2.24 server that has never had modsecurity loaded before.  Of many hundreds of web sites it serves, one site (that we know of) started spitting out seemingly random binary data instead of the index.html file.  This doesn't happen every time you load the page, but always with the same site.

The output was mostly gibberish, with the occasional recognisable string that clearly came from .htaccess files and virtual host config files that the main config includes.  Basically it looks like it was dumping memory.  And so much of it that the browser hangs.

Note that there were *no* rules loaded, and SecRuleEngine was not even on; simply having the module loaded caused the problem.  MMAP and Sendfile are off.  We recompiled Apache and all modules (FreeBSD).  The site in question has no PHP, just plain HTML.  They do have a .htaccess file that enables SSI, adds some expire headers, and enables mod_deflate.

We've removed modsecurity and the problem goes away.  We add it back and the problem returns, so it pretty clearly has something to do with modsecurity, although it could be that some other module is also related.  The modules in use are listed at the end of this message.

Also, httpd appears to segfault when this happens (not sure if it's the same request as I don't have mod_forensic installed at the moment, but it never segfaults when modsecurity is not loaded).

Any thoughts?  Any more info I should provide?
 
Mark
 
Loaded Modules:
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
actions_module (shared)
alias_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_file_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
expires_module (shared)
filter_module (shared)
geoip_module (shared)
headers_module (shared)
include_module (shared)
log_config_module (shared)
logio_module (shared)
mime_module (shared)
negotiation_module (shared)
php5_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
ssl_module (shared)
unique_id_module (shared)
proctitle_module (shared)
mysql_auth_module (shared)