nginx segfaulting with mod_security
Robert Paprocki
rpaprocki at fearnothingproductions.net
Sat Apr 12 23:44:28 UTC 2014
Hello,
I have compiled nginx-1.5.13 with modsecurity-2.7.7 and am seeing
occasional segfaults when sending requests to the server. mod_security
was compiled as a standalone module per the instructions made available
at
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX.
The segfaults appear sporadic and do not seem to match up with any given
request. Below is my nginx configuration:
[root@poseidon src]# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx
--group=nginx --with-debug --with-http_ssl_module
--with-http_realip_module --with-http_addition_module
--with-http_sub_module --with-http_dav_module --with-http_flv_module
--with-http_mp4_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_random_index_module
--with-http_secure_link_module --with-http_stub_status_module
--with-mail --with-mail_ssl_module --with-file-aio --with-ipv6
--with-cc-opt='-g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -g -O0'
--add-module=../modsecurity-apache_2.7.7/nginx/modsecurity/
Also, a backtrace of the core dump:
(gdb) bt
#0 0x080a1827 in ngx_http_write_filter (r=0x83bb078, in=0x8baaa6c) at
src/http/ngx_http_write_filter_module.c:121
#1 0x080bc0d4 in ngx_http_chunked_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_chunked_filter_module.c:111
#2 0x080c462b in ngx_http_gzip_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_gzip_filter_module.c:325
#3 0x080c5fb3 in ngx_http_postpone_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/ngx_http_postpone_filter_module.c:82
#4 0x080c6581 in ngx_http_ssi_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_ssi_filter_module.c:408
#5 0x080cc021 in ngx_http_charset_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_charset_filter_module.c:553
#6 0x080ce31f in ngx_http_sub_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_sub_filter_module.c:201
#7 0x080cf730 in ngx_http_addition_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_addition_filter_module.c:147
#8 0x080cfc78 in ngx_http_gunzip_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_gunzip_filter_module.c:184
#9 0x081146bd in ngx_http_modsecurity_body_filter (r=0x83bb078,
in=0xbf7ff8b4)
at
../modsecurity-apache_2.7.7/nginx/modsecurity//ngx_http_modsecurity.c:1252
#10 0x08055381 in ngx_output_chain (ctx=0x8baa9b8, in=0xbf7ff8b4) at
src/core/ngx_output_chain.c:66
#11 0x080a253c in ngx_http_copy_filter (r=0x83bb078, in=0xbf7ff8b4) at
src/http/ngx_http_copy_filter_module.c:143
#12 0x080bd477 in ngx_http_range_body_filter (r=0x83bb078, in=0xbf7ff8b4)
at src/http/modules/ngx_http_range_filter_module.c:594
#13 0x0808e81e in ngx_http_output_filter (r=0x83bb078, in=0xbf7ff8b4) at
src/http/ngx_http_core_module.c:1964
#14 0x0809c72f in ngx_http_send_special (r=0x83bb078, flags=1) at
src/http/ngx_http_request.c:3332
#15 0x080b5737 in ngx_http_upstream_finalize_request (r=0x83bb078,
u=0x83bbab0, rc=0)
at src/http/ngx_http_upstream.c:3551
#16 0x080b4a77 in ngx_http_upstream_process_request (r=0x83bb078) at
src/http/ngx_http_upstream.c:3159
#17 0x080b477e in ngx_http_upstream_process_upstream (r=0x83bb078,
u=0x83bbab0) at src/http/ngx_http_upstream.c:3090
#18 0x080b329a in ngx_http_upstream_send_response (r=0x83bb078,
u=0x83bbab0) at src/http/ngx_http_upstream.c:2493
#19 0x080b1937 in ngx_http_upstream_process_header (r=0x83bb078,
u=0x83bbab0) at src/http/ngx_http_upstream.c:1735
#20 0x080b02ef in ngx_http_upstream_handler (ev=0x8b31f5c) at
src/http/ngx_http_upstream.c:977
#21 0x080726fd in ngx_event_process_posted (cycle=0x83b45a8,
posted=0x81c495c) at src/event/ngx_event_posted.c:40
#22 0x080708c2 in ngx_process_events_and_timers (cycle=0x83b45a8) at
src/event/ngx_event.c:275
#23 0x0807c629 in ngx_worker_process_cycle (cycle=0x83b45a8, data=0x0)
at src/os/unix/ngx_process_cycle.c:816
#24 0x080795a4 in ngx_spawn_process (cycle=0x83b45a8, proc=0x807c48e
<ngx_worker_process_cycle>, data=0x0,
name=0x815e33b "worker process", respawn=-3) at
src/os/unix/ngx_process.c:198
#25 0x0807b720 in ngx_start_worker_processes (cycle=0x83b45a8, n=2,
type=-3) at src/os/unix/ngx_process_cycle.c:364
#26 0x0807aecf in ngx_master_process_cycle (cycle=0x83b45a8) at
src/os/unix/ngx_process_cycle.c:136
#27 0x080500c5 in main (argc=3, argv=0xbf7ffe54) at src/core/nginx.c:407
Unfortunately I am not skilled at reading C backtraces. I was going to
attach the debug log but it's very large and I don't want to make this
message much larger :p Below is my nginx configuration:
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
worker_rlimit_core 500M;
working_directory /tmp;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
    fastcgi_buffers 256 4k;
    client_max_body_size 64m;
    #client_body_buffer_size 16m;
    server_tokens off;
}
server {
    listen 23.226.226.175:80;
    server_name cryptobells.com www.cryptobells.com;
    root /var/www/cryptobells;
    rewrite ^ https://$server_name$request_uri? permanent;
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~* \.php$ {
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}
server {
    listen 23.226.226.175:443 ssl;
    server_name cryptobells.com www.cryptobells.com;
    ssl_certificate /etc/ssl/certs/cryptobells.com.crt;
    ssl_certificate_key /etc/ssl/certs/cryptobells.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
    ssl_prefer_server_ciphers on;
    root /var/www/cryptobells;
    ModSecurityEnabled on;
    ModSecurityConfig /etc/modsecurity/modsecurity.conf;
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~* \.php$ {
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}
Please let me know if anyone is able to help identify what could be
causing segfaults, or if there is any more information I can provide.
Thank you!
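Added example, not part of the original post: a short Python script that re-joins the wrapped gdb frames quoted above, lists frames whose source file lies outside nginx's own src/ tree, and shows where an argument such as `in` differs between caller and callee. The src/ prefix test and all function names are assumptions of this example; the sample input is frames #8-#10 copied from the backtrace.

```python
import re

# Frames #8-#10 copied from the backtrace above, e-mail line wrapping kept.
SAMPLE_BT = """\
#8 0x080cfc78 in ngx_http_gunzip_body_filter (r=0x83bb078, in=0x8baaa6c)
at src/http/modules/ngx_http_gunzip_filter_module.c:184
#9 0x081146bd in ngx_http_modsecurity_body_filter (r=0x83bb078,
in=0xbf7ff8b4)
at
../modsecurity-apache_2.7.7/nginx/modsecurity//ngx_http_modsecurity.c:1252
#10 0x08055381 in ngx_output_chain (ctx=0x8baa9b8, in=0xbf7ff8b4) at
src/core/ngx_output_chain.c:66
"""

FRAME_RE = re.compile(r"#(?P<no>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) "
                      r"\((?P<args>.*)\) at (?P<file>\S+):(?P<line>\d+)$")

def parse_frames(text):
    """Re-join wrapped lines, then split every frame into its fields."""
    joined = []
    for line in (l.strip() for l in text.splitlines()):
        if re.match(r"#\d+\s", line):
            joined.append(line)          # a new frame starts with "#<n> "
        elif line and joined:
            joined[-1] += " " + line     # continuation of the previous frame
    frames = []
    for m in filter(None, map(FRAME_RE.match, joined)):
        args = dict(re.findall(r"(\w+)=(0x[0-9a-f]+|-?\d+)", m["args"]))
        frames.append({"no": int(m["no"]), "func": m["func"], "args": args,
                       "file": m["file"], "line": int(m["line"])})
    return frames

def third_party_frames(frames, core_prefix="src/"):
    """Frames whose source file lies outside nginx's own tree (assumed src/)."""
    return [f for f in frames if not f["file"].startswith(core_prefix)]

def arg_changes(frames, name):
    """(caller, caller value, callee, callee value) where `name` differs."""
    by_no = {f["no"]: f for f in frames}
    pairs = [(by_no.get(f["no"] + 1), f) for f in frames]  # caller is frame n+1
    return [(c["func"], c["args"][name], f["func"], f["args"][name])
            for c, f in pairs
            if c and name in c["args"] and name in f["args"]
            and c["args"][name] != f["args"][name]]

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_BT)
    print(third_party_frames(frames), arg_changes(frames, "in"))
```

A changed value is not a fault by itself; it marks the frame where a different `in` pointer is handed to the next filter, which is a reasonable place to start reading the module source.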