Re: [mod-security-users] "Peer closed connection: a timeout occurred"
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] "Peer closed connection: a timeout occurred"
|
From: Christian F. <chr...@ne...> - 2023-03-27 07:52:13
|
Hey Stephen, I am not familiar with HAProxy and this integration. But speaking from a general position, there is always a chance for a timeout, but the exact message (and the TON of them) is troubling. https://www.mail-archive.com/search?l=h...@fo...&q=subject:%22Re%5C%3A+doubt+how+to+compile+modsecurity+module+for+HAproxy%22&o=newest&f=1 discusses this, but I am none the wiser now. I am not sure wether HAProxy closes the connection now or there was a timeout and HAProxy concludes the client closed the connection. Or whatever. I would try and do two things: - Raise the timeout and monitor for a general reduction of the number of messages. - Try to reproduce the error message on separate machine. That way you will learn what really is the problem - and if it is one from an operating standpoint (users not getting what they want) - or just noise (everybody gets their responses OK, but HAProxy is unhappy about connection termination and regularly complains. Good luck, Christian On Fri, Mar 24, 2023 at 04:37:03PM -0400, Stephen Schor wrote: > Hi All > > I've inherited a project that uses modsecurity (wrapped in > jcmoraisjr/modsecurity-spoa <https://github.com/jcmoraisjr/modsecurity-spoa> > ). > Looking at the modsecurity logs...I see plenty of legitimate log messages > when a SecRule is matched, but also > a TON of lines like this: > > 1679689652.575012 [01] <223243> Peer closed connection: a timeout occurred > > There isn't any additional info around these log lines, I'd appreciate if > folks can help a newcomer out and > help give some context about what causes these messages. Does this indicate > a slow client attack? > The need to adjust some config? Is this normal / expected? > > Thanks for your time, > Stephen > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
