Nginx mod_security leaks file descriptors

Kiril Kalchev kirilk at cloudxcel.com
Thu Aug 22 15:20:52 UTC 2013


Thank you for the quick reply. I did it and they are looking at it.
I am adding a link to the GitHub issue about this one just for reference if someone needs it in the future.
https://github.com/SpiderLabs/ModSecurity/issues/137

Regards,
Kiril

On Aug 22, 2013, at 6:16 PM, Alan Silva wrote:

> Hi Kiril,
> 
> I think the better place to ask this question is the modsecurity users list, because apparently it's a problem in the modsecurity module and not in NGINX.
> 
> Regards,
> 
> Alan
> 
> 
> On Aug 22, 2013, at 8:26 AM, Kiril Kalchev <kirilk at cloudxcel.com> wrote:
> 
>> Hi,
>> 
>> I have a problem with nginx and the mod_security module. After reloading the nginx configuration (kill -HUP <master-nginx-pid>), all files opened by mod_security are opened once again without closing the old ones. That means at some point we hit the limit of open file descriptors; in my real-life scenario I leak over 300 files on each reload.
>> 
>> Here are my sample configs just to illustrate the problem:
>> ============================================================
>> nginx.conf
>> user www-data www-data;
>> worker_processes 6;
>> worker_rlimit_nofile 200000;
>> 
>> error_log /var/log/nginx/error.log debug;
>> 
>> events {
>>       worker_connections  16384;
>>       multi_accept on;
>>       use epoll;
>> }
>> 
>> http {
>>       server {
>>               listen 80;
>>               location / {
>>                       ModSecurityEnabled on;
>>                       ModSecurityConfig modsecurity.conf;
>>                       return 555;
>>               }
>>       }
>> }
>> 
>> ============================================================
>> modsecurity.conf:
>> 
>> # Debug log
>> SecDebugLog /var/log/waf/events.log
>> ============================================================
>> 
>> In this situation after each configuration reload I am leaking open files:
>> 
>> www-data at dev03 ~ # lsof | grep nginx | wc -l; kill -HUP `ps aux | grep 'nginx: master process' | grep -v grep | awk '{print $2}'`; sleep 2; lsof | grep nginx |  wc -l
>> 361
>> 368
>> 
>> I am using Ubuntu 12.04 LTS and ngx_openresty 1.4.2.1
>> 
>> (DEPLOY)www-data at dev03:~# nginx -V
>> nginx version: ngx_openresty/1.4.2.1
>> built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
>> TLS SNI support enabled
>> 
>> Does someone else have the same problem?
>> 
>> I will be happy to provide other information if necessary.
>> 
>> Regards,
>> Kiril
>> 
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
> 
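
A per-process version of the before/after count in the original report, as an added example that is not part of the thread: it snapshots the descriptor targets of one PID under /proc, sends HUP, and lists every file path that is open more times afterwards. The function names, the use of /proc/PID/fd and the choice to pass the nginx master PID are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from nginx/ModSecurity.
# Needs Linux /proc and permission to read /proc/PID/fd (root or the same user).

# fd_targets PID: print the target of every open descriptor, one per line.
fd_targets() {
    for fd in /proc/"$1"/fd/*; do
        readlink "$fd" 2>/dev/null
    done
    return 0
}

# fd_growth BEFORE AFTER: each file holds one descriptor target per line.
# Prints "+N PATH" for every file path open N more times in AFTER than in BEFORE.
fd_growth() {
    awk '
        !/^\// { next }    # skip sockets, pipes and anon inodes: their ids change anyway
        FILENAME == ARGV[1] { before[$0]++; next }
        { after[$0]++ }
        END {
            for (p in after) {
                d = after[p] - before[p]
                if (d > 0) printf "+%d %s\n", d, p
            }
        }' "$1" "$2" | sort
}

# check_reload PID: snapshot, reload, wait, snapshot again, report growth.
check_reload() {
    tmp=$(mktemp -d) || return 1
    fd_targets "$1" > "$tmp/before"
    kill -HUP "$1" || return 1
    sleep 2            # same settle time as the one-liner in the report
    fd_targets "$1" > "$tmp/after"
    fd_growth "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

# Run as: sh fdcheck.sh <master-nginx-pid>
if [ "$#" -eq 1 ]; then
    check_reload "$1"
fi
```

A path that gains one more entry on every reload, such as the SecDebugLog file in the sample configuration, is the kind of growth the report describes; an empty result means no file path was opened more times after the reload than before it.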
