nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11

Felipe Zimmerle felipe at zimmerle.org
Sun Jan 10 13:49:10 UTC 2016


Hi Lukas,

You may want to use the ModSecurity's nginx_refactoring branch instead of
the master branch. Here is the link to the branch:

https://github.com/SpiderLabs/ModSecurity/tree/nginx_refactoring

Br.,
Felipe Zimmerle
Lead dev for ModSecurity


On Sun, Jan 10, 2016 at 10:39 AM Lukas <l at ymx.ch> wrote:

> Dear all
>
> Fascinated by nginx, I attempted to integrate it with modsecurity.
>
> Unfortunately, ever when modsecurity is enabled, nginx reports a
> sefault in sysmessages.
>
> Searching the web did not reveal any solution, i.e. I switched off
> SecAudit* and even started modsecurity without rules -- it continued
> crashing.
>
> Thank you for any hint on solving this issue.
>
> Please find next information related to my setup including some logs.
>
> wbr, Lukas
>
> ==
>
> My current setup:
>
> Platform: Linux/4.3.3 running on Debian/wheezy
>
> nginx: self-compiled from sources according to
> https://blog.stickleback.dk/nginx-modsec-on-ubuntu-14-04-lts/
>
> modsecurity: installed and configured according to
>
> https://www.howtoforge.com/tutorial/install-nginx-with-mod_security-on-ubuntu-15-04/
>
> Relevant Logs:
>
> $ /usr/local/nginx/sbin/nginx -V
> nginx version: nginx/1.9.9
> built by gcc 4.7.2 (Debian 4.7.2-5)
> built with OpenSSL 1.0.1e 11 Feb 2013
> TLS SNI support enabled
> configure arguments: --user=www-data --group=www-data --with-pcre-jit
>   --with-ipv6 --with-http_ssl_module
>   --add-module=../modsecurity-2.9.0/nginx/modsecurity
>   --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid
>   --error-log-path=/var/log/nginx/error.log
>   --http-log-path=/var/log/nginx/access.log
>
> $ tail error.log
> 2016/01/10 13:13:34 [notice] 10256#0: ModSecurity: LIBXML compiled
> version="2.8.0"
> 2016/01/10 13:13:34 [notice] 10256#0: ModSecurity: Status engine is
>     currently disabled, enable it by set SecStatusEngine to On.
> 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity for nginx
>     (STABLE)/2.9.0 (http://www.modsecurity.org/) configured.
> 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: APR compiled
>     version="1.4.6"; loaded version="1.4.6"
> 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: PCRE compiled
>     version="8.30 "; loaded version="8.30 2012-02-04"
> 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: LIBXML compiled
> version="2.8.0"
> 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: Status engine is
>     currently disabled, enable it by set SecStatusEngine to On.
> 2016/01/10 13:13:38 [alert] 10261#0: worker process 10267 exited on signal
> 11
> 2016/01/10 13:13:38 [alert] 10261#0: worker process 10264 exited on signal
> 11
> 2016/01/10 13:13:38 [alert] 10261#0: worker process 10265 exited on signal
> 11
>
> $ dmesg
> [605432.202671] nginx[10267]: segfault at 70 ip 08093ba1 sp bfc9a7c0 error
> 4 in nginx[8048000+123000]
> [605432.385414] nginx[10264]: segfault at 70 ip 08093ba1 sp bfc9a7c0 error
> 4 in nginx[8048000+123000]
> [605432.409089] nginx[10265]: segfault at 70 ip 08093ba1 sp bfc9a7c0 error
> 4 in nginx[8048000+123000]
>
> --
> Lukas Ruf       <http://www.lpr.ch> | Ad Personam
> Consecom  <http://www.consecom.com> | Ad Laborem
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160110/4e3a3006/attachment.html>


More information about the nginx mailing list