[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mod-security-users
Subject:    Re: [mod-security-users] Failed to access DBM file (data/ip):
From:       Kevin Jackson <kevin () linuxservices ! co ! uk>
Date:       2011-08-19 12:46:17
Message-ID: CACbLkcmWjSvBFuRfPCGHpcMWgYnneQnhPzS9NDR6_CeGJU=97g () mail ! gmail ! com
[Download RAW message or body]

Hi Ryan,
I was considering this (and about to do some testing) but want to know
the implications of this. Given we're running essentially separate
Apache instances that don't know about each other, the IP DBM file
isn't a shared entity so technically lacking in some features that
you'd want persistent storage for - like tracking sessions over time.
But in this environment its possible those other sessions could hit an
Apache it hasn't seen before.

Cheers,

Kev

On 19 August 2011 13:37, Ryan Barnett <RBarnett@trustwave.com> wrote:
> 
> On 8/19/11 6:55 AM, "Kevin Jackson" <kevin@linuxservices.co.uk> wrote:
> 
> > Dear all,
> > After a number of weeks fine tuning the CRS rules appropriate for a
> > busy website, we did a full live test pushing traffic through Apache
> > with ModSecurity 2.6.1 proxying requests to evaluate the performance
> > of ModSecurity through the backend service.
> > 
> > Traffic is around 1k/second and we had Apache running on 18 servers
> > sitting behind a load balancer and Apache coping without issue.
> > 
> > ModSecurity on the other hand didn't fare so well - it struggled to
> > keep pace causing resource deadlock issues on the ip database.  The
> > upshot was incredibly high load averages for obvious reasons and poor
> > user experience.
> > 
> > --ba66410d-H--
> > Message: Failed to access DBM file "/usr/local/apache/data/ip":
> > Resource deadlock avoided
> > Apache-Handler: proxy-server
> > Stopwatch: 1313660329409820 283469 (- - -)
> > Stopwatch2: 1313660329409820 283469; combined=99526, p1=3446,
> > p2=12838, p3=3, p4=0, p5=41666, sr=3272, sw=41573, l=0, gc=0
> > Producer: ModSecurity for Apache/2.6.1 (http://www.modsecurity.org/);
> > core ruleset/2.2.1.
> > Server: Apache
> > 
> > --ba66410d-Z--
> > 
> > My question is what to suggest here? People must be running
> > ModSecurity on high volume websites? Have you encountered this issue?
> > This traffic is a fraction of our peak traffic at a quiet time during
> > the day and the environment only coped for about 10 minutes before
> > keeling over.
> 
> Hey Kevin,
> Question for you - are you using the IP persistent collection to track
> data about clients across requests?  If not, then you may want to disable
> the initcol rules at the end of the modsecurity_crs_10_config.conf file.
> 
> See if that helps.
> 
> -Ryan
> 
> > 
> > Cheers,
> > 
> > Kev
> > 
> > --------------------------------------------------------------------------
> > ----
> > Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
> > user administration capabilities and model configuration. Take
> > the hassle out of deploying and managing Subversion and the
> > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
> > _______________________________________________
> > mod-security-users mailing list
> > mod-security-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/mod-security-users
> > ModSecurity Services from Trustwave's SpiderLabs:
> > https://www.trustwave.com/application-security.php
> > 
> 
> 
> This transmission may contain information that is privileged, confidential, and/or \
> exempt from disclosure under applicable law. If you are not the intended recipient, \
> you are hereby notified that any disclosure, copying, distribution, or use of the \
> information contained herein (including any reliance thereon) is STRICTLY \
> PROHIBITED. If you received this transmission in error, please immediately contact \
> the sender and destroy the material in its entirety, whether in electronic or hard \
> copy format. 
> 

------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system, 
user administration capabilities and model configuration. Take 
the hassle out of deploying and managing Subversion and the 
tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/application-security.php


[prev in list] [next in list] [prev in thread] [next in thread]