Иммунизация правил Modsec 2.25, вызывающих редкие ошибки
Форум
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Darryl
  2. Thursday, 28 March 2019
  3.  Subscribe via email
Just posting this in case it helps anyone, we've found the imunify 2.25 modsec rulesets which were updated yesterday on some of our servers were causing apache segfaults in rare instances (but 100% of the time and repeatable when they occurred).

apache error logs were showing:

[core:notice] [pid 1933222:tid 47584928334912] AH00051: child pid 3832826 exit signal Segmentation fault (11)

Eventually we tracked it down to the 2.25 modsec ruleset from imunify, you can check the version here /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/VERSION

If your coredump shows this it will likely be the same bug:

Program terminated with signal 11, Segmentation fault.
#0 0x00002b4743927ad7 in msre_fn_removeWhitespace_execute () from /etc/apache2/modules/mod_security2.so

Reverting back to the 2.24 rules by replacing the /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/ with these from backup resolved the issue.

Have reported this to imunify support but posting here as this was tricky to track down and found little online about it, hope it helps.
Rate this post:
  1. 29.03.2019 09:03:01
  2. # 1
Darryl Accepted Answer
Posts: 7
Joined: 25.04.2018
0
Votes
Undo
Hi,

Can confirm this is fixed in 2.26, thanks!
  1. 28.03.2019 17:03:42
  2. # 2
Vladimir Accepted Answer
Posts: 108
Joined: 04.07.2017
0
Votes
Undo
Hello,

We've released the 2.26 rule set which shouldn't cause the SegFault.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
гость
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.