Re: [Mod-security-developers] Do not work with 2.6.0

[Breno S. <bre...@gm...>]

Hi momo-i,

Please let me know if you saw any kind ot msg into error.log when the EOS
Bucket msgs appears into debug.log

thanks

Breno

On Fri, Jun 3, 2011 at 10:19 PM, momo-i <web...@mo...> wrote:

> Dear Breno,
> good morning all,
>
> I compiled with same APR version both.
> (oops, i forgot to send my os environment...)
>
> ---
> # uname -a
> Linux www.example.com 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28
> UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
> # cat /etc/redhat-release
> Fedora release 15 (Lovelock)
> ---
> Do I have to provide other informations?
>
> apache
> ---
> ./configure --prefix=/opt/apache2 --with-apr=/usr/bin/apr-1-config
> --with-apr-util=/usr/bin/apu-1-config
> ---
> httpd version is to see prev mail.
>
> modsecurity
>
> ---
> LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec
> --with-apxs=/opt/apache2/bin/apxs
> ---
> it finds
> ---
> checking for libapr config script... /usr/bin/apr-1-config
> configure: using apr v1.4.5
> checking for libapu config script... /usr/bin/apu-1-config
> configure: using apu v1.3.12
> ---
> all results
> http://ja.pastebin.ca/2074419
>
> And here is httpd error.log and main config file.
>
> error.log(level debug)
> http://ja.pastebin.ca/2074417
>
> config(exclude comment lines)
> http://ja.pastebin.ca/2074418
> vhosts setting
> http://ja.pastebin.ca/2074421
>
> bad to use virtual hosts?
>
>
> Thank you for your kind cooperation.
> Regards,
> momo-i.
>
> (2011/06/04 5:59), Breno Silva wrote:
>
>> Also .. please make sure you are compiling and using the same APR
>> version in your apache and modsecurity. Your bucket is an EOS  but
>> APR_BUCKET_IS_EOF appears to be not recognizing it.  So my first idea is
>> something wrong with APR... maybe different compiled and linked versions
>> used in apache and modsecurity.
>>
>> Check it please .. and send your log and conf.
>>
>> thanks
>>
>> Breno
>>
>> On Fri, Jun 3, 2011 at 3:54 PM, Breno Silva <bre...@gm...
>> <mailto:bre...@gm...>> wrote:
>>
>>    Hi,
>>
>>    Could you send your error.log and your main conf file ?
>>
>>    thanks
>>
>>    Breno
>>
>>
>>    On Fri, Jun 3, 2011 at 9:04 AM, momo-i <web...@mo...
>>    <mailto:web...@mo...>> wrote:
>>
>>        Hi all,
>>
>>        # first, my native language is japanese.
>>        # I'm not so good at English, may be difficult to read, please
>>        forgive me.
>>
>>        I have searched for on Google, I could not find a similar case,
>>        so send
>>        to mailing list for the first time.
>>        Please forgive become long ones.
>>
>>        (1) I have compiled 2.6.0 yesterday, If configured
>>        SecResponseBodyAccess
>>        to On, IE displays the error.
>>        (2) And generating post traffic on Drupal(7.2),
>>        httpd is an abnormally high CPU.
>>        I tried httpd 2.2.17-19, and the results were all the same.
>>        I also tried 2.5.13 with the same settings, no problem.
>>
>>        (1)
>>        Set to debug level 9 and using telnet command.
>>        Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended
>>        ---
>>        # telnet localhost 80
>>        Trying 127.0.0.1...
>>        Connected to localhost.
>>        Escape character is '^]'.
>>        GET / HTTP/1.0
>>        Host: localhost
>>
>>        Connection closed by foreign host.
>>        ---
>>
>>        debug.log
>>        http://ja.pastebin.ca/2074112
>>
>>        I think that the reason for this result is always returned null.
>>        "APR_BUCKET_IS_EOS(bucket)"
>>
>>        And, for testing, comment out the following line, this issue is
>>        resolved.
>>        http://ja.pastebin.ca/2074116
>>
>>        However, I am so familiar with Apache modules, whether or not I
>>        would
>>        not know this is a permanent solution.
>>
>>        apache2/apache2_io.c line: 862
>>        ---
>>                if (msr->of_done_reading == 0) {
>>                    /* We are done for now. We will be called again with
>>        more
>>        data. */
>>                    return APR_SUCCESS;
>>                }
>>        ---
>>
>>        (2)
>>        Also, using drupal(7.2) POST, loops following line...
>>        (25 million lines per second)
>>        [03/Jun/2011:22:47:18 +0900]
>>        [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter:
>> Bucket
>>        type EOS contains 0 bytes.
>>        http://ja.pastebin.ca/2074118
>>
>>        ---
>>        POST / HTTP/1.1
>>        Accept: text/html, application/xhtml+xml, */*
>>        Referer: http://localhost/
>>        Accept-Language: ja-JP
>>        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1;
>>        WOW64;
>>        Trident/5.0)
>>        Content-Type: application/x-www-form-urlencoded
>>        Accept-Encoding: gzip, deflate
>>        Host: localhost
>>        Content-Length: 133
>>        Connection: Keep-Alive
>>        Cache-Control: no-cache
>>        ---
>>
>>        here is httpd version.
>>        ---
>>        # /opt/apache2/bin/httpd -V
>>        Server version: Apache/2.2.19 (Unix)
>>        Server built:   Jun  3 2011 10:01:37
>>        Server's Module Magic Number: 20051115:28
>>        Server loaded:  APR 1.4.5, APR-Util 1.3.12
>>        Compiled using: APR 1.4.5, APR-Util 1.3.12
>>        Architecture:   64-bit
>>        Server MPM:     Worker
>>          threaded:     yes (fixed thread count)
>>            forked:     yes (variable process count)
>>        Server compiled with....
>>          -D APACHE_MPM_DIR="server/mpm/worker"
>>          -D APR_HAS_SENDFILE
>>          -D APR_HAS_MMAP
>>          -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>>          -D APR_USE_SYSVSEM_SERIALIZE
>>          -D APR_USE_PTHREAD_SERIALIZE
>>          -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>>          -D APR_HAS_OTHER_CHILD
>>          -D AP_HAVE_RELIABLE_PIPED_LOGS
>>          -D DYNAMIC_MODULE_LIMIT=128
>>          -D HTTPD_ROOT="/opt/apache2"
>>          -D SUEXEC_BIN="/opt/apache2/bin/suexec"
>>          -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>          -D DEFAULT_ERRORLOG="logs/error_log"
>>          -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>>          -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>        ---
>>
>>        2.6.0 compile option
>>        ------------------------
>>        LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec
>>        --with-apxs=/opt/apache2/bin/apxs
>>        ------------------------
>>
>>        Thank you for your kind cooperation.
>>        Regards,
>>        momo-i.
>>
>>
>>  ------------------------------------------------------------------------------
>>        Simplify data backup and recovery for your virtual environment
>>        with vRanger.
>>        Installation's a snap, and flexible recovery options mean your
>>        data is safe,
>>        secure and there when you need it. Discover what all the
>>        cheering's about.
>>        Get your free trial download today.
>>        http://p.sf.net/sfu/quest-dev2dev2
>>        _______________________________________________
>>        mod-security-developers mailing list
>>        mod...@li...
>>        <mailto:mod...@li...>
>>
>>
>> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>        ModSecurity Services from Trustwave's SpiderLabs:
>>        https://www.trustwave.com/spiderLabs.php
>>
>>
>>
>>