nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11
Lukas
l at ymx.ch
Tue Jan 19 23:10:37 UTC 2016
Hi Felipe
> Felipe Zimmerle <felipe at zimmerle.org> [2016-01-11 17:12]:
>
> On Sun, Jan 10, 2016 at 11:05 AM Lukas <l at ymx.ch> wrote:
>
> > I found that recommendation. Since I also read that it would not be
> > fully compatible with OWASP/CRS I have not given it a try.
> >
> > What is the situation regrading OWASP/CRS?
> >
>
> Currently there are three different versions of ModSecurity for nginx:
>
> - Version 2.9.0: That is the last released version, I think that is the one
> that you are using.
> - nginx_refactoring: That version contains some fixes on the top of v2.9.0,
> but those fixes may lead to instabilities depending on your configuration.
> - ModSecurity-connector: That is something that still under development and
> we have some work to do, to be exactly:
>
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20documentation
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20features
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20operators
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20transformation
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20variables
>
> Only use the ModSecurity-connector if you understands well the ModSecurity
> rules and the consequences of the missing pieces.
>
> Further information about libModSecurity can be found here:
> http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html
> or:
> https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/
>
Thanks for pointing this out.
What worries me a "little bit" is that nginx started crashing with an
Out-of-Memory Exception when ModSecurity 2.9.0 with OWASP/CRS was
activated.
Have others experienced similar problems?
Isn't there at least a run-time control in nginx that kills
subprocesses like ModSecurity as soon as they start overconsuming
resources/execution time?
Thanks.
wbr
Lukas
More information about the nginx
mailing list