[Mod-security-developers] Request body processed when blocking in phase 1
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[Mod-security-developers] Request body processed when blocking in phase 1
|
From: Marc S. <mar...@ap...> - 2019-02-28 15:23:49
|
I'm running v 2.9.3 built with --enable-request-early to have phase 1 rules running before receiving the body. If I sent a huge body, the request is well blocked in phase 1 but there's a huge processing time (10 min for 1.5 MB) on a strong machine after hook_insert_error_filter() Can somebody explain me what could happen and/or how to troubleshoot that. Isn't the phase 1 rule (with --enable-request-early) supposed to run before the request body is received by httpd? Here's the debug log (max level): [28/Feb/2019:14:27:50 +0100] [...][4] Ctl: Set requestBodyAccess to 0. [...] [28/Feb/2019:14:27:50 +0100] [...][4] Access denied with code 404 (phase 1). [...] [28/Feb/2019:14:27:50 +0100] [...][4] Hook insert_error_filter: Adding output filter (r 248029de120). [28/Feb/2019:14:37:20 +0100] [...][9] Output filter: Receiving output (f 24802c82a38, r 248029de120). [28/Feb/2019:14:37:20 +0100] [...][4] Skipping phase 3 as request was already intercepted. error log: [Thu Feb 28 14:27:50.864432 2019] [core:trace5] [pid 6060:tid 2008] protocol.c(614): [client ...] Request received from client: POST /... HTTP/1.1 [Thu Feb 28 14:37:20.529622 2019] [headers:debug] [pid 6060:tid 2008] mod_headers.c(908): AH01503: headers: ap_headers_error_filter() Marc |
