Re: [Mod-security-developers] Do not work with 2.6.0
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Do not work with 2.6.0
|
From: momo-i <web...@mo...> - 2011-06-05 00:28:03
|
Dear Breno, Okay, I'll try previous version of APR/APU, so please wait for moment. (2011/06/05 9:23), Breno Silva wrote: > Hi momo-i, > > I saw you are using the lastest APR/APU library version, release in the > end of May. What APR/APU version you used with 2.5.13 ? > If you can try modsec 2.6.0 with a previious version of APR/APU will be > great... maybe APR_BUCKET_IS_EOS has a bug in the lastest APR code. > > Thanks > > Breno > > On Sat, Jun 4, 2011 at 6:57 PM, momo-i <web...@mo... > <mailto:web...@mo...>> wrote: > > Dear Breno, > > hmm, don't appear anything into error.log, when EOS Bucket message > appears in debug.log. > > Regards, > momo-i. > > > (2011/06/04 22:31), Breno Silva wrote: > > Hi momo-i, > > Please let me know if you saw any kind ot msg into error.log > when the > EOS Bucket msgs appears into debug.log > > thanks > > Breno > > On Fri, Jun 3, 2011 at 10:19 PM, momo-i <web...@mo... > <mailto:web...@mo...> > <mailto:web...@mo... <mailto:web...@mo...>>> wrote: > > Dear Breno, > good morning all, > > I compiled with same APR version both. > (oops, i forgot to send my os environment...) > > --- > # uname -a > Linux www.example.com <http://www.example.com> > <http://www.example.com> > > 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 > x86_64 > x86_64 x86_64 GNU/Linux > # cat /etc/redhat-release > Fedora release 15 (Lovelock) > --- > Do I have to provide other informations? > > apache > --- > ./configure --prefix=/opt/apache2 > --with-apr=/usr/bin/apr-1-config > --with-apr-util=/usr/bin/apu-1-config > --- > httpd version is to see prev mail. > > modsecurity > > --- > LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec > --with-apxs=/opt/apache2/bin/apxs > --- > it finds > --- > checking for libapr config script... /usr/bin/apr-1-config > configure: using apr v1.4.5 > checking for libapu config script... /usr/bin/apu-1-config > configure: using apu v1.3.12 > --- > all results > http://ja.pastebin.ca/2074419 > > And here is httpd error.log and main config file. > > error.log(level debug) > http://ja.pastebin.ca/2074417 > > config(exclude comment lines) > http://ja.pastebin.ca/2074418 > vhosts setting > http://ja.pastebin.ca/2074421 > > bad to use virtual hosts? > > > Thank you for your kind cooperation. > Regards, > momo-i. > > (2011/06/04 5:59), Breno Silva wrote: > > Also .. please make sure you are compiling and using the > same APR > version in your apache and modsecurity. Your bucket is > an EOS but > APR_BUCKET_IS_EOF appears to be not recognizing it. So > my first > idea is > something wrong with APR... maybe different compiled and > linked > versions > used in apache and modsecurity. > > Check it please .. and send your log and conf. > > thanks > > Breno > > On Fri, Jun 3, 2011 at 3:54 PM, Breno Silva > <bre...@gm... <mailto:bre...@gm...> > <mailto:bre...@gm... <mailto:bre...@gm...>> > <mailto:bre...@gm... <mailto:bre...@gm...> > <mailto:bre...@gm... <mailto:bre...@gm...>>>> > > wrote: > > Hi, > > Could you send your error.log and your main conf file ? > > thanks > > Breno > > > On Fri, Jun 3, 2011 at 9:04 AM, momo-i > <web...@mo... <mailto:web...@mo...> > <mailto:web...@mo... <mailto:web...@mo...>> > <mailto:web...@mo... <mailto:web...@mo...> > <mailto:web...@mo... <mailto:web...@mo...>>>> wrote: > > Hi all, > > # first, my native language is japanese. > # I'm not so good at English, may be difficult > to read, > please > forgive me. > > I have searched for on Google, I could not find a > similar case, > so send > to mailing list for the first time. > Please forgive become long ones. > > (1) I have compiled 2.6.0 yesterday, If configured > SecResponseBodyAccess > to On, IE displays the error. > (2) And generating post traffic on Drupal(7.2), > httpd is an abnormally high CPU. > I tried httpd 2.2.17-19, and the results were > all the same. > I also tried 2.5.13 with the same settings, no > problem. > > (1) > Set to debug level 9 and using telnet command. > Using modsecurity-crs_2.2.0 and > modsecurity.conf-recommended > --- > # telnet localhost 80 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > GET / HTTP/1.0 > Host: localhost > > Connection closed by foreign host. > --- > > debug.log > http://ja.pastebin.ca/2074112 > > I think that the reason for this result is always > returned null. > "APR_BUCKET_IS_EOS(bucket)" > > And, for testing, comment out the following > line, this > issue is > resolved. > http://ja.pastebin.ca/2074116 > > However, I am so familiar with Apache modules, > whether > or not I > would > not know this is a permanent solution. > > apache2/apache2_io.c line: 862 > --- > if (msr->of_done_reading == 0) { > /* We are done for now. We will be > called > again with > more > data. */ > return APR_SUCCESS; > } > --- > > (2) > Also, using drupal(7.2) POST, loops following > line... > (25 million lines per second) > [03/Jun/2011:22:47:18 +0900] > [localhost/sid#2538b78][rid#7f341c002970][/][9] > Input > filter: Bucket > type EOS contains 0 bytes. > http://ja.pastebin.ca/2074118 > > --- > POST / HTTP/1.1 > Accept: text/html, application/xhtml+xml, */* > Referer: http://localhost/ > Accept-Language: ja-JP > User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; > Windows > NT 6.1; > WOW64; > Trident/5.0) > Content-Type: application/x-www-form-urlencoded > Accept-Encoding: gzip, deflate > Host: localhost > Content-Length: 133 > Connection: Keep-Alive > Cache-Control: no-cache > --- > > here is httpd version. > --- > # /opt/apache2/bin/httpd -V > Server version: Apache/2.2.19 (Unix) > Server built: Jun 3 2011 10:01:37 > Server's Module Magic Number: 20051115:28 > Server loaded: APR 1.4.5, APR-Util 1.3.12 > Compiled using: APR 1.4.5, APR-Util 1.3.12 > Architecture: 64-bit > Server MPM: Worker > threaded: yes (fixed thread count) > forked: yes (variable process count) > Server compiled with.... > -D APACHE_MPM_DIR="server/mpm/worker" > -D APR_HAS_SENDFILE > -D APR_HAS_MMAP > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) > -D APR_USE_SYSVSEM_SERIALIZE > -D APR_USE_PTHREAD_SERIALIZE > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT > -D APR_HAS_OTHER_CHILD > -D AP_HAVE_RELIABLE_PIPED_LOGS > -D DYNAMIC_MODULE_LIMIT=128 > -D HTTPD_ROOT="/opt/apache2" > -D SUEXEC_BIN="/opt/apache2/bin/suexec" > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" > -D DEFAULT_ERRORLOG="logs/error_log" > -D AP_TYPES_CONFIG_FILE="conf/mime.types" > -D SERVER_CONFIG_FILE="conf/httpd.conf" > --- > > 2.6.0 compile option > ------------------------ > LUA_SONAMES=so ./configure > --prefix=/opt/apache2/modsec > --with-apxs=/opt/apache2/bin/apxs > ------------------------ > > Thank you for your kind cooperation. > Regards, > momo-i. > > > > ------------------------------------------------------------------------------ > Simplify data backup and recovery for your virtual > environment > with vRanger. > Installation's a snap, and flexible recovery options > mean your > data is safe, > secure and there when you need it. Discover what > all the > cheering's about. > Get your free trial download today. > http://p.sf.net/sfu/quest-dev2dev2 > _______________________________________________ > mod-security-developers mailing list > mod...@li... > <mailto:mod...@li...> > <mailto:mod...@li... > <mailto:mod...@li...>> > <mailto:mod...@li... > <mailto:mod...@li...> > <mailto:mod...@li... > <mailto:mod...@li...>>> > > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php > > > > > |
