Re: [mod-security-users] mod-security with IHS web server on linux machines (extremely slow)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

What were your compilation/configure flags?

Ryan Barnett
Lead Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>

On 5/8/14 6:42 AM, "Abdallah" <abd...@gm...> wrote:

>Reindl Harald <h.reindl <at> thelounge.net> writes:
>
>>
>>
>> Am 08.05.2014 09:59, schrieb Abdallah:
>> > Ryan Barnett <RBarnett <at> trustwave.com> writes:
>> >> You have a PCRE lib mismatch between ModSecurity and Apache. Make
>>sure
>to
>> >> compile against the same libs.
>> >
>> > How I can know the PCRE used by IBM IHS in order to compile using it.
>> >
>> > Actually I tried to compile without mentioning the existing PCRE
>installed
>> > on the server but I failed to compile mod_security without it.
>> >
>> > In IBM IHS there is no PCRE library , although your documents is
>>saying
>> > Apache must has its own PCRE library.
>> >
>> > Please tell me where I can find the PCRE lib used by IBM IHS
>installation
>>
>> you need to consult somebody using "IBM IHS"
>>
>> normally it looks that way:
>>
>> * you have pcre-devel libraries on your build-environment
>> * you build apache which links to that libraries
>> * you build mod_security against the install httpd-devel
>> * mod_security links against the same pcre-devel
>>
>> so the main question is why is your system wrecked
>> having different pcre-versions , normally there is
>> *one* shared by any package / software
>>
>> [root <at> buildserver:~]$ rpm -qa | grep pcre
>> pcre-8.32-8.fc19.x86_64
>> pcre-devel-8.32-8.fc19.x86_64
>>
>>
>====
>Abdallah wrote:
>
>Actually the IBM IHS not compiled on this machine , IBM installed already
>compiled IHS version . Now we downloaded the PCRE 5.0 from pcre.org (we
>choose this since it is the version loaded by IHS)
>
>1- we compiled PCRE 5.0
>2- compiled mod_security using this PCRE 5.0
>
>now we are not getting any warning in error.log
>
>[Thu May 08 16:20:59 2014] [notice] ModSecurity for Apache/2.7.7
>(http://www.modsecurity.org/) configured.
>[Thu May 08 16:20:59 2014] [notice] ModSecurity: APR compiled
>version="1.2.12"; loaded version="1.2.12"
>[Thu May 08 16:20:59 2014] [notice] ModSecurity: PCRE compiled
>version="5.0
>"; loaded version="5.0 13-Sep-2004"
>[Thu May 08 16:20:59 2014] [notice] ModSecurity: LIBXML compiled
>version="2.7.8"
>[Thu May 08 16:21:00 2014] [notice] WebSphere Plugins loaded.
>[Thu May 08 16:21:00 2014] [notice] Bld version: 7.0.0
>[Thu May 08 16:21:00 2014] [notice] Bld date: Dec  4 2013, 22:56:49
>[Thu May 08 16:21:00 2014] [notice] Webserver: IBM_HTTP_Server
>[Thu May 08 16:21:00 2014] [notice] Using config file
>/HTTPServer/conf/httpd.conf with -Dx\r\xd3\bEC_2\x80\x1b\x07\b+\xcd\t\b -
>DMODSEC_2.5 -DMODSEC_2.7
>[Thu May 08 16:21:00 2014] [notice] IBM_HTTP_Server/7.0.0.31 (Unix)
>configured -- resuming normal operations
>[Thu May 08 16:21:00 2014] [notice] Core file limit is 0; core dumps will
>be
>not be written for server crashes
>[Thu May 08 16:31:03 2014] [notice] mpmstats: rdy 48 bsy 2 rd 0 wr 0 ka 1
>log 0 dns 0 cls 1
>[Thu May 08 16:31:03 2014] [notice] mpmstats: bsy: 1 in mod_security2.c
>[Thu May 08 16:33:32 2014] [error] [client 10.234.200.173] File does not
>exist: /HTTPServer/htdocs/favicon.ico
>
>
>But, we still calling any request is extremely slow
>
>Please advise
>Thanks
>
>
>
>
>--------------------------------------------------------------------------
>----
>Is your legacy SCM system holding you back? Join Perforce May 7 to find
>out:
>&#149; 3 signs your SCM is hindering your productivity
>&#149; Requirements for releasing software faster
>&#149; Expert tips and advice for migrating your SCM now
>http://p.sf.net/sfu/perforce
>_______________________________________________
>mod-security-users mailing list
>mod...@li...
>https://lists.sourceforge.net/lists/listinfo/mod-security-users
>Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>http://www.modsecurity.org/projects/commercial/rules/
>http://www.modsecurity.org/projects/commercial/support/
>

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.