ngx_http_upstream_copy_allow_ranges() issue when using ModSecurity

Maxim Dounin mdounin at
Thu Dec 3 14:05:29 UTC 2015


On Thu, Dec 03, 2015 at 12:55:15PM +0200, Kipras Mancevičius wrote:

> Hey everyone,
> looks like nginx versions >= 1.7.7 have issues with the modsecurity module,
> because of the new proxy_force_ranges directive. The problem is that
> modsecurity calls ngx_http_upstream_header_t->copy_handler() for all
> ngx_http_upstream_headers_in headers specified in ngx_http_upstream.
> And in ngx_http_upstream_copy_allow_ranges() the check for that
> configuration value [1] results in a segfault, because r->upstream->conf is
> probably NULL at that point, which causes nginx to crash.
> One way to work around this is to set "proxy_force_ranges" to on in nginx
> config. However another simple fix is to check if r->upstream->conf exists,
> before accessing r->upstream->conf->force_ranges. And this shouldn't change
> the behavior of nginx (which changing the value of this flag does).
> More info: see @driehuls comment in


What ModSecurity does looks like a hack abusing part of the 
upstream module, and the segmentation fault is an expected result 
of the approach taken.  ModSecurity module should be rewritten to 
avoid the hack, or the hack should be updated to the changes in 
nginx.  In the latter case more segfaults are expected in the 

Just in case, here is a (closed invalid) ticket in nginx trac 
about this:

Maxim Dounin

More information about the nginx-devel mailing list