Thread: [Mod-security-developers] Do not work with 2.6.0
From: momo-i <web...@mo...> - 2011-06-03 14:30:37
Hi all,

# first, my native language is Japanese.
# I'm not so good at English, may be difficult to read, please forgive me.

I have searched for on Google, I could not find a similar case, so send
to mailing list for the first time.
Please forgive become long ones.

(1) I have compiled 2.6.0 yesterday, If configured SecResponseBodyAccess
to On, IE displays the error.
(2) And generating post traffic on Drupal(7.2),
httpd is an abnormally high CPU.
I tried httpd 2.2.17-19, and the results were all the same.
I also tried 2.5.13 with the same settings, no problem.

(1)
Set to debug level 9 and using telnet command.
Using modsecurity-crs_2.2.0 and modsecurity.conf-recommended
---
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
Host: localhost

Connection closed by foreign host.
---

debug.log
http://ja.pastebin.ca/2074112

I think that the reason for this result is always returned null.
"APR_BUCKET_IS_EOS(bucket)"

And, for testing, comment out the following line, this issue is resolved.
http://ja.pastebin.ca/2074116

However, I am so familiar with Apache modules, whether or not I would
not know this is a permanent solution.

apache2/apache2_io.c line: 862
---
if (msr->of_done_reading == 0) {
    /* We are done for now. We will be called again with more data. */
    return APR_SUCCESS;
}
---

(2)
Also, using drupal(7.2) POST, loops following line...
(25 million lines per second)
[03/Jun/2011:22:47:18 +0900] [localhost/sid#2538b78][rid#7f341c002970][/][9] Input filter: Bucket type EOS contains 0 bytes.
http://ja.pastebin.ca/2074118

---
POST / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://localhost/
Accept-Language: ja-JP
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: localhost
Content-Length: 133
Connection: Keep-Alive
Cache-Control: no-cache
---

here is httpd version.
---
# /opt/apache2/bin/httpd -V
Server version: Apache/2.2.19 (Unix)
Server built: Jun 3 2011 10:01:37
Server's Module Magic Number: 20051115:28
Server loaded: APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Architecture: 64-bit
Server MPM: Worker
  threaded: yes (fixed thread count)
  forked: yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/opt/apache2"
 -D SUEXEC_BIN="/opt/apache2/bin/suexec"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
---

2.6.0 compile option
------------------------
LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs
------------------------

Thank you for your kind cooperation.
Regards,
momo-i.

From: Breno S. <bre...@gm...> - 2011-06-03 20:54:17
Hi,

Could you send your error.log and your main conf file?

thanks

Breno

From: Breno S. <bre...@gm...> - 2011-06-03 20:59:47
Also .. please make sure you are compiling and using the same APR version in your apache and modsecurity. Your bucket is an EOS but APR_BUCKET_IS_EOF appears to be not recognizing it. So my first idea is something wrong with APR... maybe different compiled and linked versions used in apache and modsecurity.

Check it please .. and send your log and conf.

thanks

Breno

From: momo-i <web...@mo...> - 2011-06-04 03:19:10
Dear Breno,
good morning all,

I compiled with same APR version both.
(oops, I forgot to send my os environment...)

---
# uname -a
Linux www.example.com 2.6.38.6-27.fc15.x86_64 #1 SMP Sun May 15 17:23:28 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
Fedora release 15 (Lovelock)
---
Do I have to provide other informations?

apache
---
./configure --prefix=/opt/apache2 --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config
---
httpd version is to see prev mail.

modsecurity
---
LUA_SONAMES=so ./configure --prefix=/opt/apache2/modsec --with-apxs=/opt/apache2/bin/apxs
---
it finds
---
checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.4.5
checking for libapu config script... /usr/bin/apu-1-config
configure: using apu v1.3.12
---
all results
http://ja.pastebin.ca/2074419

And here is httpd error.log and main config file.

error.log(level debug)
http://ja.pastebin.ca/2074417

config(exclude comment lines)
http://ja.pastebin.ca/2074418
vhosts setting
http://ja.pastebin.ca/2074421

bad to use virtual hosts?

Thank you for your kind cooperation.
Regards,
momo-i.

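The APR consistency check Breno asks for can be scripted. The following is an added example, not part of the thread and not ModSecurity code: it compares the APR/APR-Util versions on the `Server loaded` and `Compiled using` lines of `httpd -V` with the versions ModSecurity's `configure` reports. The function names and `MISMATCH_SAMPLE` are assumptions made for illustration; the other sample lines are copied from the messages above.

```shell
#!/bin/sh
# Added example: APR / APR-Util version consistency check for an
# Apache httpd + ModSecurity build. Function names are hypothetical.

# Sample lines copied from the `httpd -V` output quoted in the thread.
HTTPD_V_SAMPLE='Server version: Apache/2.2.19 (Unix)
Server loaded: APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Server MPM: Worker'

# Sample lines copied from the ModSecurity configure output in the thread.
CONFIGURE_SAMPLE='checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.4.5
checking for libapu config script... /usr/bin/apu-1-config
configure: using apu v1.3.12'

# Constructed sample (not from the thread): httpd loads an older APR
# at runtime than the one it was compiled against.
MISMATCH_SAMPLE='Server version: Apache/2.2.19 (Unix)
Server loaded: APR 1.4.2, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12'

# Reads `httpd -V` text on stdin and prints "<apr> <apr-util>" taken from
# the line whose label is $1 ("Server loaded" or "Compiled using").
httpd_pair() {
    sed -n "s/^$1:[[:space:]]*APR \([0-9.][0-9.]*\), APR-Util \([0-9.][0-9.]*\).*/\1 \2/p" | head -n 1
}

# Prints "<apr> <apr-util>" from configure output passed as $1,
# or nothing when either version line is missing.
configure_pair() {
    cp_apr=$(printf '%s\n' "$1" | sed -n 's/^configure: using apr v\([0-9.][0-9.]*\).*/\1/p' | head -n 1)
    cp_apu=$(printf '%s\n' "$1" | sed -n 's/^configure: using apu v\([0-9.][0-9.]*\).*/\1/p' | head -n 1)
    if [ -n "$cp_apr" ] && [ -n "$cp_apu" ]; then
        printf '%s %s\n' "$cp_apr" "$cp_apu"
    fi
}

# $1 = `httpd -V` text, $2 = ModSecurity configure output.
# Returns 0 when all three version pairs agree, 1 on a mismatch,
# 2 when the versions cannot be parsed.
check_apr_consistency() {
    ck_loaded=$(printf '%s\n' "$1" | httpd_pair "Server loaded")
    ck_built=$(printf '%s\n' "$1" | httpd_pair "Compiled using")
    ck_modsec=$(configure_pair "$2")
    if [ -z "$ck_loaded" ] || [ -z "$ck_built" ] || [ -z "$ck_modsec" ]; then
        echo "cannot parse APR versions from the supplied text" >&2
        return 2
    fi
    echo "httpd loaded at runtime : $ck_loaded"
    echo "httpd compiled against  : $ck_built"
    echo "ModSecurity configured  : $ck_modsec"
    if [ "$ck_loaded" = "$ck_built" ] && [ "$ck_built" = "$ck_modsec" ]; then
        echo "OK: same APR/APR-Util everywhere"
        return 0
    fi
    echo "MISMATCH: httpd and ModSecurity do not agree on APR/APR-Util"
    return 1
}

# Run on the values reported in the thread.
check_apr_consistency "$HTTPD_V_SAMPLE" "$CONFIGURE_SAMPLE"
```

On a live host, pass `"$(/opt/apache2/bin/httpd -V)"` and the saved output of ModSecurity's `./configure` as the two arguments.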
From: Breno S. <bre...@gm...> - 2011-06-04 13:31:28
Hi momo-i,

Please let me know if you saw any kind of msg into error.log when the EOS Bucket msgs appears into debug.log

thanks

Breno

From: momo-i <web...@mo...> - 2011-06-04 23:57:22
Dear Breno,

hmm, don't appear anything into error.log, when EOS Bucket message appears in debug.log.

Regards,
momo-i.

From: Breno S. <bre...@gm...> - 2011-06-05 00:23:48
|
Hi momo-i,

I saw you are using the latest APR/APU library version, released at the end of May. What APR/APU version did you use with 2.5.13?
If you can try modsec 2.6.0 with a previous version of APR/APU, it will be great... maybe APR_BUCKET_IS_EOS has a bug in the latest APR code.

Thanks

Breno

On Sat, Jun 4, 2011 at 6:57 PM, momo-i <web...@mo...> wrote:
> Dear Breno,
>
> hmm, don't appear anything into error.log, when EOS Bucket message appears
> in debug.log.
>
> Regards,
> momo-i.

From: momo-i <web...@mo...> - 2011-06-05 00:28:03
|
Dear Breno,

Okay, I'll try a previous version of APR/APU, so please wait a moment.

From: Breno S. <bre...@gm...> - 2011-06-05 00:29:23
|
OK... please don't forget to re-compile your apache with the new apr/apu library.

thanks

Breno

From: momo-i <web...@mo...> - 2011-06-05 00:52:38
|
Dear Breno,

Ohhhh, that's OK with apr/1.4.4, apu/1.3.11!!!
Thank you very, very much!!!!!

I couldn't find such a simple thing, I'm embarrassed :(

Best Regards,
momo-i.

From: Breno S. <bre...@gm...> - 2011-06-05 01:00:30
|
No problem, man! Please report it to the APR devel guys.

thanks

Breno
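
The first check suggested in this thread, that httpd and ModSecurity are built and run against the same APR/APR-Util, can be scripted. The following is an added example, not part of any poster's message or of the ModSecurity project; the function names are hypothetical and the sample text is constructed from the `httpd -V` and `./configure` output quoted in the thread.

```shell
#!/bin/sh
# Added example: compare the APR/APR-Util versions httpd loaded at run time,
# the versions httpd was compiled against, and the versions ModSecurity's
# ./configure picked up. Function names are hypothetical.

# Constructed sample: the relevant lines of `httpd -V`.
SAMPLE_HTTPD_V='Server version: Apache/2.2.19 (Unix)
Server loaded:  APR 1.4.5, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12'

# Constructed sample: the relevant lines of ModSecurity's configure output.
SAMPLE_CONFIGURE='checking for libapr config script... /usr/bin/apr-1-config
configure: using apr v1.4.5
checking for libapu config script... /usr/bin/apu-1-config
configure: using apu v1.3.12'

# httpd_apr_pair LABEL TEXT
# Prints "APR_VERSION APU_VERSION" taken from the `httpd -V` line that starts
# with LABEL ("Server loaded" or "Compiled using"); prints nothing if absent.
httpd_apr_pair() {
    printf '%s\n' "$2" | sed -n \
        "s/^$1:[[:space:]]*APR \([0-9.]*\), APR-Util \([0-9.]*\).*/\1 \2/p" |
        head -n 1
}

# configure_apr_pair TEXT
# Prints "APR_VERSION APU_VERSION" from the "configure: using apr vX" and
# "configure: using apu vY" lines of ModSecurity's configure output.
configure_apr_pair() {
    apr=$(printf '%s\n' "$1" |
        sed -n 's/^configure: using apr v\([0-9.]*\).*/\1/p' | head -n 1)
    apu=$(printf '%s\n' "$1" |
        sed -n 's/^configure: using apu v\([0-9.]*\).*/\1/p' | head -n 1)
    printf '%s %s\n' "$apr" "$apu"
}

# check_apr_consistency HTTPD_V_TEXT CONFIGURE_TEXT
# Prints one status line. Returns 0 if all three version pairs agree,
# 1 on a mismatch, 2 if any pair could not be parsed.
check_apr_consistency() {
    loaded=$(httpd_apr_pair 'Server loaded' "$1")
    compiled=$(httpd_apr_pair 'Compiled using' "$1")
    modsec=$(configure_apr_pair "$2")

    for pair in "$loaded" "$compiled" "$modsec"; do
        case "$pair" in
            [0-9]*' '[0-9]*) ;;   # looks like "x.y.z a.b.c"
            *) echo "UNKNOWN: could not parse a version pair"; return 2 ;;
        esac
    done

    if [ "$loaded" = "$compiled" ] && [ "$loaded" = "$modsec" ]; then
        echo "OK: httpd and ModSecurity all use APR/APR-Util $loaded"
        return 0
    fi
    echo "MISMATCH: loaded=[$loaded] compiled=[$compiled] modsecurity=[$modsec]"
    return 1
}

# Run against the constructed samples.
check_apr_consistency "$SAMPLE_HTTPD_V" "$SAMPLE_CONFIGURE"
```

On a live host, pass `"$(/opt/apache2/bin/httpd -V)"` and the saved output of ModSecurity's `./configure` run in place of the samples. A matching result, as in this thread, rules out a mixed build but says nothing about a defect in the APR release itself.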