Re: [mod-security-users] Collections_remove_stale: Failed deleting collection
From: Christian F. <chr...@ti...> - 2015-08-21 04:12:17
Hello Sophie,

You are touching on an interesting subject or problem depending on the perspective. The pag-files are rarely discussed in the community and I would not be surprised if you hit an issue with ModSec. I for one hardly ever look at these files as they just seem to work.

I have seen the said error message before, but never paid too much attention as I did not have that growth problem of the file.

Our Apache servers are gracefully restarted once a day. I do not know if that benefits the pag-files at all. But it might be a noteworthy detail.

Sorry for not being able to help you. But I would be curious to read anything about the topic.

Ahoj,

Christian

On Thu, Aug 20, 2015 at 02:26:14PM +0200, Sophie Loewenthal wrote:
> Hi,
>
> I installed some rules for rate limiting and was concerned by a message
> in modsec_audit.log.
>
> My question: What does this error message really mean?
>
> Message: collections_remove_stale: Failed deleting collection (name "ip", key "213.56.235.241_ef6e1e02a3981d38a7faf3db672aa4a4bf7cb53c"): Internal error
>
> Some additional notes
> I thought this may be related to /var/lib/mod_security/ip.pag or
> user.pag. So, I installed modsec-sdbm-util to see if this dB needed
> shrinking periodically, was fragmented or should be emptied ( e.g
> ip.pag ) and still saw the messages.
>
> # modsec-sdbm-util -s ip.pag
> Opening file: ip.pag
> Database ready to be used.
> [\] 720 records so far.
> Total of 726 elements processed.
> 0 elements removed.
> Expired elements: 6, inconsistent items: 0
> Fragmentation rate: 0.83% of the database is/was dirty data.
>
> # modsec-sdbm-util -s user.pag
> Opening file: user.pag
> Database ready to be used.
> [-] 790 records so far.
> Total of 799 elements processed.
> 0 elements removed.
> Expired elements: 12, inconsistent items: 0
> Fragmentation rate: 1.50% of the database is/was dirty data.
>
> Some version information
>
> mod_security-2.7.3-2.el6.x86_64
> modsec-sdbm-util v1.0
>
> Activated rules,
> /etc/https/conf.d/mod_security.conf
> /etc/httpd/modsecurity.d/modsec_sophie.conf
> /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf
>
> # cat /etc/httpd/modsecurity.d/modsec_sophie.conf
> SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog,id:10000001,msg:Sophie_10000001
> SecAction "phase:5,deprecatevar:ip.somepathcounter=1/1,pass,nolog,id:10000002,msg:Sophie_10000002"
> SecRule IP:SOMEPATHCOUNTER "@gt 60" "phase:2,pause:300,deny,status:509,setenv:RATELIMITED,skip:1,nolog,id:10000003,msg:Sophie_10000003"
> SecAction "phase:2,pass,setvar:ip.somepathcounter=+1,nolog,id:10000004,msg:Sophie_10000004"
> Header always set Retry-After "10" env=RATELIMITED
> ErrorDocument 509 "Rate Limit Exceeded"
>
> Kind regards,
> Sophie
>
> --
> Sophie Loewenthal
> System Engineer ITOPS / Trimble Transport & Logistics
> GSM:+32.471.900703

--
Christian Folini
Ringstrasse 2
CH-3639 Kiesen
+41 (0)31 301 60 71 (H)
+41 (0)79 220 23 76 (M)
mailto:chr...@ne... (Business)
mailto:chr...@ti... (Private)
http://www.christian-folini.ch