[Mod-security-developers] 2.9.0-RC1 test results
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] 2.9.0-RC1 test results
|
From: Walter H. <mo...@sp...> - 2014-11-24 17:09:51
|
Hi Felipe and others, Thanks again for the hard work on the release. Here are my preliminary experiences with 2.9.0-RC1 on FreeBSD. My overall impression is the normal ModSecurity features and earlier ones introduced in 2.8.0 seem mostly stable, with one weird exception. The remote resources didn't work for me at all. I've updated the FreeBSD port to pull in yajl, curl (ModSec would not load without), lua51 (see below), and optionally ssdeep. I have to read about fuzzy hashing before testing it, but it builds and the syntax seems to be accepted. Okay, on to the problems I've found. All tests were on FreeBSD 10.0-p12 with stack smashing protection, amd64, Apache 2.4.10 prefork, OpenSSL 1.0.1j, clang 3.3. 1) High prio: Remote resources fail with segfaults and other problems in @pmFromFile, @ipMatchFromFile and SecRemoteRules. https://gist.github.com/lifeforms/102f66246de8bd33a2ca 2) High prio: Undiagnosed persistent crash. https://gist.github.com/lifeforms/4356643edfe8f39c2991 3) Medium prio: httpd crash on every request when using Lua 5.2. Working fine with Lua 5.1. https://gist.github.com/lifeforms/3ecc60c67012a053d060 4) Low prio: Apache log messages not prefixed with name. (Also present in earlier version) https://gist.github.com/lifeforms/4b41ae6464073ced39f5 Since I don't know if it's a useful workflow to create github issues, I’ve put the long descriptions in gists for now, but of course I can submit them wherever you like. If I can submit more info, let me know. Except for issue 2) it’s easy to reproduce. Thanks! WH -- Walter Hop | PGP key: https://lifeforms.nl/pgp |
