[prev in list] [next in list] [prev in thread] [next in thread]
List: mod-security-users
Subject: [mod-security-users] =?utf-8?b?562U5aSNOiAg562U5aSNOiBJIGhhdmUg?= =?utf-8?q?a_question=3Anginx1=2E9=
From: "Junjie, DONG(MIE BJ R&D CPD-BJ-TCT)" <junjie.dong () tcl ! com>
Date: 2015-07-29 2:51:59
Message-ID: 9A178CA37CB24F49AF250EE1208807E70D7111 () CNSZEXMB02
[Download RAW message or body]
The pcre version is 8.38-RC1.
Does anyone use nginx with mod-sec in reverse proxy-mode before?
-----邮件原件-----
发件人: Reindl Harald [mailto:h.reindl@thelounge.net]
发送时间: 2015年7月28日 18:18
收件人: mod-security-users@lists.sourceforge.net
主题: Re: [mod-security-users] 答复: I have a question:nginx1.9.2 with \
modsecurity2.9 in reverse proxy-mode
check your pcre version and if modsec is compiled with pcre-jit
https://bugzilla.redhat.com/show_bug.cgi?id=1215701
-------- Weitergeleitete Nachricht --------
Betreff: Re: [mod-security-users] --enable-pcre-jit: segfaults Fedora 21 and \
roundcube 1.0.5
Datum: Mon, 27 Apr 2015 15:12:14 +0200
Von: Reindl Harald <h.reindl@thelounge.net> Antwort an: \
mod-security-users@lists.sourceforge.net
Organisation: the lounge interactive design
An: mod-security-users@lists.sourceforge.net
BTW: it don't need rouncube, just call
http://somesite-behind-modsec-with-jit/plugins/jqueryui/js/i18n/jquery.ui.datepicker-de.jssg
and the httpd preforker child crashs
and holy shit without the dots no crash
http://somesite-behind-modsec-with-jit/plugins/jqueryui/js/i18n/jqdueryhuihdatepicker-de.jssg
on F21
Am 27.04.2015 um 14:44 schrieb Reindl Harald:
> on Fedora 21 x86_64 mod_security 2.9.0 built with --enable-pcre-jit
> crashs every time /plugins/jqueryui/js/i18n/jquery.ui.datepicker-de.js
> from roundcube 1.0.5 is loaded
> __________________________________
>
> not sure if it's GCC 4.9 or pcre which are newer than on Fedora 20 but
> after seek the reason for random crashes over hourd at PHP/Apache side
> it turend out that it practically happens only with that file and
> without mod_securiyt or disable pcre-jit all is fine
> __________________________________
>
> [Mon Apr 27 11:09:23.113259 2015] [core:notice] [pid 118704] AH00052:
> child pid 118706 exit signal Segmentation fault (11)
>
> open("/dev/urandom", O_RDONLY) = 13
> read(13,
>
"\200\376%\23\240\236\n9\373\210\243%i\223\367J\210\271\177\26\207\331\177\r\372RB\342\2223\352="...,
> 64) = 64
> close(13) = 0
> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x7fcf70b39000
> mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
> = 0x7fcf70b37000
> munmap(0x7fcf70b37000, 8192) = 0
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x8} ---
> chdir("/etc/httpd") = 0
> rt_sigaction(SIGSEGV, {SIG_DFL, [], SA_RESTORER|SA_INTERRUPT,
> 0x7fcf754c70d0}, {SIG_DFL, [], SA_RESTORER|SA_RESETHAND,
> 0x7fcf754c70d0}, 8) = 0
> kill(118706, SIGSEGV) = 0
> rt_sigreturn({mask=[]}) = 32
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_USER, si_pid=118706,
> si_uid=48} ---
> +++ killed by SIGSEGV +++
Am 28.07.2015 um 12:13 schrieb Junjie, DONG(MIE BJ R&D CPD-BJ-TCT):
> Hi Felipe,
>
> I have tried the method what you sent to me. But the problem
> still happens. It seems not the same problem. The attachment enclosure
> is my Nginx debug logs:
>
> 106.39.108.46 is my client IP. I try to request a file called
> "jquery-1.11.1.min.js " on my Web App.
>
> The problem maybe happens on phase 4.
>
> Thanks.
>
> *发件人:*Felipe Costa [mailto:FCosta@trustwave.com]
> *发送时间:*2015年7月27日20:13
> *收件人:*mod-security-users@lists.sourceforge.net
> *主题:*Re: [mod-security-users] I have a question:nginx1.9.2 with
> modsecurity2.9 in reverse proxy-mode
>
> Hi Junjie,
>
> Please look at issue #142
> (https://github.com/SpiderLabs/ModSecurity/issues/142) and give a try on
> branch nginx_refactoring -
>
> https://github.com/SpiderLabs/ModSecurity/tree/nginx_refactoring
>
> _Br,_
>
> *Felipe **"**Zimmerle" Costa *
>
> Security Researcher, SpiderLabs
>
> *Trustwave***| SMART SECURITY ON DEMAND
>
> www.trustwave.com <http://www.trustwave.com/>
>
> *From: *<Junjie>, "DONG (MIE BJ R&D CPD-BJ-TCT)" <junjie.dong@tcl.com
> <mailto:junjie.dong@tcl.com>>
> *Reply-To: *"mod-security-users@lists.sourceforge.net
> <mailto:mod-security-users@lists.sourceforge.net>"
> <mod-security-users@lists.sourceforge.net
> <mailto:mod-security-users@lists.sourceforge.net>>
> *Date: *Monday, July 27, 2015 at 5:20 AM
> *To: *"mod-security-users@lists.sourceforge.net
> <mailto:mod-security-users@lists.sourceforge.net>"
> <mod-security-users@lists.sourceforge.net
> <mailto:mod-security-users@lists.sourceforge.net>>
> *Subject: *[mod-security-users] I have a question:nginx1.9.2 with
> modsecurity2.9 in reverse proxy-mode
>
> Hi!
>
> I try to use nginx1.9.2 with modsecurity2.9 in reverse proxy-mode to
> protect my Web App. The .js/.css/.png what in my Web App can't be
> response to the client. But the .html files are OK. There will be a lot
> of errors in the log like these:
>
> 2015/07/27 15:52:06 [notice] 17130#0: start worker process 17284
>
> 2015/07/27 15:52:06 [notice] 17130#0: signal 29 (SIGIO) received
>
> 2015/07/27 15:52:06 [notice] 17130#0: signal 17 (SIGCHLD) received
>
> 2015/07/27 15:52:06 [alert] 17130#0: worker process 17281 exited on
> signal 11 (core dumped)
>
> 2015/07/27 15:52:06 [notice] 17130#0: start worker process 17286
>
> 2015/07/27 15:52:06 [notice] 17130#0: signal 29 (SIGIO) received
>
> 2015/07/27 15:52:06 [notice] 17130#0: signal 17 (SIGCHLD) received
>
> 2015/07/27 15:52:06 [alert] 17130#0: worker process 17276 exited on
> signal 11 (core dumped)
>
> 2015/07/27 15:52:06 [notice] 17130#0: start worker process 17288
>
> 2015/07/27 15:52:06 [notice] 17130#0: signal 29 (SIGIO) received
>
> When I delete the configurations of modsecurity in nginx.conf, the Web
> App can work normally.
>
> Thanks for your help!
------------------------------------------------------------------------------
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic