[mod-security-users] Collections_remove_stale: Failed deleting collection
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Collections_remove_stale: Failed deleting collection
|
From: Sophie L. <sop...@tr...> - 2015-08-20 12:26:16
|
Hi,
I installed some rules for rate limiting was concerned by a message
in modsec_audit.log.
My question: What does this error message really mean?
Message: collections_remove_stale: Failed deleting collection (name
"ip", key "213.56.235.241_ef6e1e02a3981d38a7faf3db672aa4a4bf7cb53c"):
Internal error
Some additional notes
I thought this may be related to /var/lib/mod_security/ip.pag or
user.pag. So, I installed modsec-sdbm-util to see if this dB needed
shrinking periodically, was fragmented or should be emptied ( e.g >
ip.pag ) and still saw the messages.
# modsec-sdbm-util -s ip.pag
Opening file: ip.pag
Database ready to be used.
[\] 720 records so far.
Total of 726 elements processed.
0 elements removed.
Expired elements: 6, inconsistent items: 0
Fragmentation rate: 0.83% of the database is/was dirty data.
# modsec-sdbm-util -s user.pag
Opening file: user.pag
Database ready to be used.
[-] 790 records so far.
Total of 799 elements processed.
0 elements removed.
Expired elements: 12, inconsistent items: 0
Fragmentation rate: 1.50% of the database is/was dirty data.
Some version information
mod_security-2.7.3-2.el6.x86_64
modsec-sdbm-util v1.0
Activated rules,
/etc/https/conf.d/mod_security.conf
/etc/httpd/modsecurity.d/modsec_sophie.conf
/etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
# cat /etc/httpd/modsecurity.d/modsec_sophie.conf
SecAction
initcol:ip=%{REMOTE_ADDR},pass,nolog,id:10000001,msg:Sophie_10000001
SecAction
"phase:5,deprecatevar:ip.somepathcounter=1/1,pass,nolog,id:10000002,msg:Sophie_10000002"
SecRule IP:SOMEPATHCOUNTER "@gt 60"
"phase:2,pause:300,deny,status:509,setenv:RATELIMITED,skip:1,nolog,id:10000003,msg:Sophie_10000003"
SecAction
"phase:2,pass,setvar:ip.somepathcounter=+1,nolog,id:10000004,msg:Sophie_10000004"
Header always set Retry-After "10" env=RATELIMITED
ErrorDocument 509 "Rate Limit Exceeded"
Kind regards,
Sophie
--
Sophie Loewenthal
System Engineer ITOPS / Trimble Transport & Logistics
GSM:+32.471.900703
|
