Re: [mod-security-users] Getting Segmentation fault with to much rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Getting Segmentation fault with to much rules
|
From: <ste...@gm...> - 2006-03-09 16:25:42
|
> --- Ursprüngliche Nachricht --- > Von: Ivan Ristic <iv...@we...> > An: ste...@gm... > Kopie: mod...@li... > Betreff: Re: [mod-security-users] Getting Segmentation fault with to much > rules > Datum: Thu, 09 Mar 2006 09:33:44 +0000 > > ste...@gm... wrote: > > I have mod_security 1.9.2 on Gentoo Linux, compiled with hardened gcc > 3.4.5. > > The system has PaX and grsecurity active. mod_security is compiled with > > "-march=athlon-tbird -O2 -pipe -mmmx -m3dnow -fforce-addr > > -fomit-frame-pointer -falign-functions=4". Apache is 2.0.55. > > > > When I load to much rules (like the ones from > > http://www.gotroot.com/downloads/ftp/mod_security/blacklist.conf) into > > mod_security, then mod_security starts to get segmentation faults. > > > > I don't know why? Maybe the Propolice patch is catching somethig? > > Sounds to me Apache is crashing because you don't have enough > RAM to run all those rules. > Okay. The system has 1GB memory. Did not know, that mod_security does take that much memory for the rules. > FYI, 1.9.3 uses less memory so you may be able to use that > without crashing. > Will install 1.9.3 right now. > Either way, you are killing the performance with such a large > number of rules. Blacklisting, in particular, is much better > done with an RBL-style protection. > How to implement RBL-style protection with mod_security? > -- > Ivan Ristic, Technical Director > Thinking Stone, http://www.thinkingstone.com > ModSecurity: Open source Web Application Firewall > Apache Security (O'Reilly): http://www.apachesecurity.net > -- Bis zu 70% Ihrer Onlinekosten sparen: GMX SmartSurfer! Kostenlos downloaden: http://www.gmx.net/de/go/smartsurfer |
