Re: [Mod-security-developers] Do not work with 2.6.0
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Do not work with 2.6.0
|
From: momo-i <web...@mo...> - 2011-06-04 03:19:10
|
Dear Breno, good morning all, I compiled with same APR version both. (oops, i forgot to send my os environment...) --- # uname -a Linux www.example.com 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux # cat /etc/redhat-release Fedora release 15 (Lovelock) --- Do I have to provide other informations? apache --- ./configure --prefix=/opt/apache2 --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config --- httpd version is to see prev mail. modsecurity --- LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs --- it finds --- checking for libapr config script... /usr/bin/apr-1-config configure: using apr v1.4.5 checking for libapu config script... /usr/bin/apu-1-config configure: using apu v1.3.12 --- all results http://ja.pastebin.ca/2074419 And here is httpd error.log and main config file. error.log(level debug) http://ja.pastebin.ca/2074417 config(exclude comment lines) http://ja.pastebin.ca/2074418 vhosts setting http://ja.pastebin.ca/2074421 bad to use virtual hosts? Thank you for your kind cooperation. Regards, momo-i. (2011/06/04 5:59), Breno Silva wrote: > Also .. please make sure you are compiling and using the same APR > version in your apache and modsecurity. Your bucket is an EOS but > APR_BUCKET_IS_EOF appears to be not recognizing it. So my first idea is > something wrong with APR... maybe different compiled and linked versions > used in apache and modsecurity. > > Check it please .. and send your log and conf. > > thanks > > Breno > > On Fri, Jun 3, 2011 at 3:54 PM, Breno Silva <bre...@gm... > <mailto:bre...@gm...>> wrote: > > Hi, > > Could you send your error.log and your main conf file ? > > thanks > > Breno > > > On Fri, Jun 3, 2011 at 9:04 AM, momo-i <web...@mo... > <mailto:web...@mo...>> wrote: > > Hi all, > > # first, my native language is japanese. > # I'm not so good at English, may be difficult to read, please > forgive me. > > I have searched for on Google, I could not find a similar case, > so send > to mailing list for the first time. > Please forgive become long ones. > > (1) I have compiled 2.6.0 yesterday, If configured > SecResponseBodyAccess > to On, IE displays the error. > (2) And generating post traffic on Drupal(7.2), > httpd is an abnormally high CPU. > I tried httpd 2.2.17-19, and the results were all the same. > I also tried 2.5.13 with the same settings, no problem. > > (1) > Set to debug level 9 and using telnet command. > Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended > --- > # telnet localhost 80 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > GET / HTTP/1.0 > Host: localhost > > Connection closed by foreign host. > --- > > debug.log > http://ja.pastebin.ca/2074112 > > I think that the reason for this result is always returned null. > "APR_BUCKET_IS_EOS(bucket)" > > And, for testing, comment out the following line, this issue is > resolved. > http://ja.pastebin.ca/2074116 > > However, I am so familiar with Apache modules, whether or not I > would > not know this is a permanent solution. > > apache2/apache2_io.c line: 862 > --- > if (msr->of_done_reading == 0) { > /* We are done for now. We will be called again with > more > data. */ > return APR_SUCCESS; > } > --- > > (2) > Also, using drupal(7.2) POST, loops following line... > (25 million lines per second) > [03/Jun/2011:22:47:18 +0900] > [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter: Bucket > type EOS contains 0 bytes. > http://ja.pastebin.ca/2074118 > > --- > POST / HTTP/1.1 > Accept: text/html, application/xhtml+xml, */* > Referer: http://localhost/ > Accept-Language: ja-JP > User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; > WOW64; > Trident/5.0) > Content-Type: application/x-www-form-urlencoded > Accept-Encoding: gzip, deflate > Host: localhost > Content-Length: 133 > Connection: Keep-Alive > Cache-Control: no-cache > --- > > here is httpd version. > --- > # /opt/apache2/bin/httpd -V > Server version: Apache/2.2.19 (Unix) > Server built: Jun 3 2011 10:01:37 > Server's Module Magic Number: 20051115:28 > Server loaded: APR 1.4.5, APR-Util 1.3.12 > Compiled using: APR 1.4.5, APR-Util 1.3.12 > Architecture: 64-bit > Server MPM: Worker > threaded: yes (fixed thread count) > forked: yes (variable process count) > Server compiled with.... > -D APACHE_MPM_DIR="server/mpm/worker" > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > -D APR_USE_SYSVSEM_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D DYNAMIC_MODULE_LIMIT=128 > -D HTTPD_ROOT="/opt/apache2" > -D SUEXEC_BIN="/opt/apache2/bin/suexec" > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > -D DEFAULT_ERRORLOG="logs/error_log" > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > -D SERVER_CONFIG_FILE="conf/httpd.conf" > --- > > 2.6.0 compile option > ------------------------ > LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec > --with-apxs=/opt/apache2/bin/apxs > ------------------------ > > Thank you for your kind cooperation. > Regards, > momo-i. > > ------------------------------------------------------------------------------ > Simplify data backup and recovery for your virtual environment > with vRanger. > Installation's a snap, and flexible recovery options mean your > data is safe, > secure and there when you need it. Discover what all the > cheering's about. > Get your free trial download today. > http://p.sf.net/sfu/quest-dev2dev2 > _______________________________________________ > mod-security-developers mailing list > mod...@li... > <mailto:mod...@li...> > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > |
