Re: [Mod-security-developers] Do not work with 2.6.0
From: Breno S. <bre...@gm...> - 2011-06-05 00:23:48
Hi momo-i,

I saw you are using the latest APR/APU library version, released at the end of May. What APR/APU version did you use with 2.5.13?

If you can try modsec 2.6.0 with a previous version of APR/APU, that will be great... maybe APR_BUCKET_IS_EOS has a bug in the latest APR code.

Thanks

Breno

On Sat, Jun 4, 2011 at 6:57 PM, momo-i <web...@mo...> wrote:

> Dear Breno,
>
> hmm, don't appear anything into error.log, when EOS Bucket message appears
> in debug.log.
>
> Regards,
> momo-i.
>
>
> (2011/06/04 22:31), Breno Silva wrote:
>
>> Hi momo-i,
>>
>> Please let me know if you saw any kind of msg into error.log when the
>> EOS Bucket msgs appears into debug.log
>>
>> thanks
>>
>> Breno
>>
>> On Fri, Jun 3, 2011 at 10:19 PM, momo-i <web...@mo...> wrote:
>>
>>     Dear Breno,
>>     good morning all,
>>
>>     I compiled with same APR version both.
>>     (oops, i forgot to send my os environment...)
>>
>>     ---
>>     # uname -a
>>     Linux www.example.com 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
>>     # cat /etc/redhat-release
>>     Fedora release 15 (Lovelock)
>>     ---
>>     Do I have to provide other information?
>>
>>     apache
>>     ---
>>     ./configure --prefix=/opt/apache2 --with-apr=/usr/bin/apr-1-config \
>>         --with-apr-util=/usr/bin/apu-1-config
>>     ---
>>     httpd version is to see prev mail.
>>
>>     modsecurity
>>
>>     ---
>>     LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec \
>>         --with-apxs=/opt/apache2/bin/apxs
>>     ---
>>     it finds
>>     ---
>>     checking for libapr config script... /usr/bin/apr-1-config
>>     configure: using apr v1.4.5
>>     checking for libapu config script... /usr/bin/apu-1-config
>>     configure: using apu v1.3.12
>>     ---
>>     all results
>>     http://ja.pastebin.ca/2074419
>>
>>     And here is httpd error.log and main config file.
>>
>>     error.log(level debug)
>>     http://ja.pastebin.ca/2074417
>>
>>     config(exclude comment lines)
>>     http://ja.pastebin.ca/2074418
>>     vhosts setting
>>     http://ja.pastebin.ca/2074421
>>
>>     bad to use virtual hosts?
>>
>>
>>     Thank you for your kind cooperation.
>>     Regards,
>>     momo-i.
>>
>>     (2011/06/04 5:59), Breno Silva wrote:
>>
>>         Also .. please make sure you are compiling and using the same APR
>>         version in your apache and modsecurity. Your bucket is an EOS but
>>         APR_BUCKET_IS_EOF appears to be not recognizing it. So my first idea is
>>         something wrong with APR... maybe different compiled and linked versions
>>         used in apache and modsecurity.
>>
>>         Check it please .. and send your log and conf.
>>
>>         thanks
>>
>>         Breno
>>
>>         On Fri, Jun 3, 2011 at 3:54 PM, Breno Silva <bre...@gm...> wrote:
>>
>>             Hi,
>>
>>             Could you send your error.log and your main conf file ?
>>
>>             thanks
>>
>>             Breno
>>
>>
>>             On Fri, Jun 3, 2011 at 9:04 AM, momo-i <web...@mo...> wrote:
>>
>>                 Hi all,
>>
>>                 # first, my native language is japanese.
>>                 # I'm not so good at English, may be difficult to read, please
>>                 forgive me.
>>
>>                 I have searched for on Google, I could not find a similar case,
>>                 so send to mailing list for the first time.
>>                 Please forgive become long ones.
>>
>>                 (1) I have compiled 2.6.0 yesterday, If configured SecResponseBodyAccess
>>                 to On, IE displays the error.
>>                 (2) And generating post traffic on Drupal(7.2),
>>                 httpd is an abnormally high CPU.
>>                 I tried httpd 2.2.17-19, and the results were all the same.
>>                 I also tried 2.5.13 with the same settings, no problem.
>>
>>                 (1)
>>                 Set to debug level 9 and using telnet command.
>>                 Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended
>>                 ---
>>                 # telnet localhost 80
>>                 Trying 127.0.0.1...
>>                 Connected to localhost.
>>                 Escape character is '^]'.
>>                 GET / HTTP/1.0
>>                 Host: localhost
>>
>>                 Connection closed by foreign host.
>>                 ---
>>
>>                 debug.log
>>                 http://ja.pastebin.ca/2074112
>>
>>                 I think that the reason for this result is always returned null.
>>                 "APR_BUCKET_IS_EOS(bucket)"
>>
>>                 And, for testing, comment out the following line, this issue is
>>                 resolved.
>>                 http://ja.pastebin.ca/2074116
>>
>>                 However, I am so familiar with Apache modules, whether or not I would
>>                 not know this is a permanent solution.
>>
>>                 apache2/apache2_io.c line: 862
>>                 ---
>>                 if (msr->of_done_reading == 0) {
>>                     /* We are done for now. We will be called again with more data. */
>>                     return APR_SUCCESS;
>>                 }
>>                 ---
>>
>>                 (2)
>>                 Also, using drupal(7.2) POST, loops following line...
>>                 (25 million lines per second)
>>                 [03/Jun/2011:22:47:18 +0900] [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter: Bucket type EOS contains 0 bytes.
>>                 http://ja.pastebin.ca/2074118
>>
>>                 ---
>>                 POST / HTTP/1.1
>>                 Accept: text/html, application/xhtml+xml, */*
>>                 Referer: http://localhost/
>>                 Accept-Language: ja-JP
>>                 User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
>>                 Content-Type: application/x-www-form-urlencoded
>>                 Accept-Encoding: gzip, deflate
>>                 Host: localhost
>>                 Content-Length: 133
>>                 Connection: Keep-Alive
>>                 Cache-Control: no-cache
>>                 ---
>>
>>                 here is httpd version.
>>                 ---
>>                 # /opt/apache2/bin/httpd -V
>>                 Server version: Apache/2.2.19 (Unix)
>>                 Server built:   Jun 3 2011 10:01:37
>>                 Server's Module Magic Number: 20051115:28
>>                 Server loaded:  APR 1.4.5, APR-Util 1.3.12
>>                 Compiled using: APR 1.4.5, APR-Util 1.3.12
>>                 Architecture:   64-bit
>>                 Server MPM:     Worker
>>                   threaded:     yes (fixed thread count)
>>                     forked:     yes (variable process count)
>>                 Server compiled with....
>>                  -D APACHE_MPM_DIR="server/mpm/worker"
>>                  -D APR_HAS_SENDFILE
>>                  -D APR_HAS_MMAP
>>                  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>>                  -D APR_USE_SYSVSEM_SERIALIZE
>>                  -D APR_USE_PTHREAD_SERIALIZE
>>                  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>>                  -D APR_HAS_OTHER_CHILD
>>                  -D AP_HAVE_RELIABLE_PIPED_LOGS
>>                  -D DYNAMIC_MODULE_LIMIT=128
>>                  -D HTTPD_ROOT="/opt/apache2"
>>                  -D SUEXEC_BIN="/opt/apache2/bin/suexec"
>>                  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>                  -D DEFAULT_ERRORLOG="logs/error_log"
>>                  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>>                  -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>                 ---
>>
>>                 2.6.0 compile option
>>                 ------------------------
>>                 LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec \
>>                     --with-apxs=/opt/apache2/bin/apxs
>>                 ------------------------
>>
>>                 Thank you for your kind cooperation.
>>                 Regards,
>>                 momo-i.
>>
>>                 _______________________________________________
>>                 mod-security-developers mailing list
>>                 mod...@li...
>>                 https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>>                 ModSecurity Services from Trustwave's SpiderLabs:
>>                 https://www.trustwave.com/spiderLabs.php
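
The APR consistency check requested in the thread (same APR/APR-Util loaded by httpd, compiled into httpd, and picked up by the ModSecurity `configure` run), as an added example that is not part of the original messages. The function names are hypothetical, and the sample input is constructed from the `httpd -V` and `configure` lines quoted above.

```shell
#!/bin/sh
# Added example: compare the APR/APR-Util versions reported by `httpd -V`
# with the ones the ModSecurity ./configure run detected.

# Constructed sample input, taken from the outputs quoted in this thread.
HTTPD_V='Server version: Apache/2.2.19 (Unix)
Server loaded:  APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12'
MODSEC_CONFIGURE='checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.4.5
checking for libapu config script... /usr/bin/apu-1-config
configure: using apu v1.3.12'

# httpd_apr LABEL TEXT: print "<apr> <apr-util>" from the `httpd -V` line
# that starts with LABEL ("Server loaded" or "Compiled using").
httpd_apr() {
    printf '%s\n' "$2" |
        sed -n "s/^$1:[[:space:]]*APR \([0-9.]*\), APR-Util \([0-9.]*\).*/\1 \2/p"
}

# modsec_apr TEXT: print "<apr> <apu>" from ModSecurity configure output;
# prints nothing when either version line is missing.
modsec_apr() {
    apr=$(printf '%s\n' "$1" | sed -n 's/^configure: using apr v\([0-9.]*\).*/\1/p')
    apu=$(printf '%s\n' "$1" | sed -n 's/^configure: using apu v\([0-9.]*\).*/\1/p')
    if [ -n "$apr" ] && [ -n "$apu" ]; then printf '%s %s\n' "$apr" "$apu"; fi
}

# check_apr HTTPD_V_TEXT CONFIGURE_TEXT
# Returns 0 when all three agree, 1 on a mismatch, 2 when parsing fails.
check_apr() {
    loaded=$(httpd_apr 'Server loaded' "$1")
    built=$(httpd_apr 'Compiled using' "$1")
    modsec=$(modsec_apr "$2")
    if [ -z "$loaded" ] || [ -z "$built" ] || [ -z "$modsec" ]; then
        echo "UNKNOWN: could not parse APR versions"; return 2
    fi
    if [ "$loaded" = "$built" ] && [ "$loaded" = "$modsec" ]; then
        echo "OK: httpd and ModSecurity agree on APR/APR-Util $loaded"; return 0
    fi
    echo "MISMATCH: loaded=[$loaded] built=[$built] modsec=[$modsec]"; return 1
}

# On a live host, pass "$(/opt/apache2/bin/httpd -V)" and the saved configure output.
check_apr "$HTTPD_V" "$MODSEC_CONFIGURE"
```
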