Imunify 2.25 modsec rules causing rare segfaults
  1. Darryl
  2. 28.03.2019
Just posting this in case it helps anyone. We've found that the Imunify 2.25 modsec rulesets, which were updated yesterday on some of our servers, were causing Apache segfaults in rare instances (but 100% of the time and repeatable when they occurred).

Apache error logs were showing:

[core:notice] [pid 1933222:tid 47584928334912] AH00051: child pid 3832826 exit signal Segmentation fault (11)

Eventually we tracked it down to the 2.25 modsec ruleset from Imunify. You can check the version here: /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/VERSION

If your coredump shows this, it will likely be the same bug:

Program terminated with signal 11, Segmentation fault.
#0 0x00002b4743927ad7 in msre_fn_removeWhitespace_execute () from /etc/apache2/modules/

Reverting back to the 2.24 rules by replacing /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/ with these from backup resolved the issue.

Have reported this to Imunify support, but posting here as this was tricky to track down and I found little online about it. Hope it helps.
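The three checks described in the post above (ruleset version, AH00051 segfault notices, crashing frame in the core dump), combined into one triage script. This is an added example, not part of the original post or Imunify's tooling: the function names are hypothetical, the VERSION file is assumed to hold the version as plain text, and the backtrace is assumed to have been saved from gdb to a text file.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes VERSION holds plain text like "2.25".

# Count AH00051 "child exited on SIGSEGV" notices in an Apache error log.
count_segfaults() {
    grep -c 'AH00051: child pid [0-9][0-9]* exit signal Segmentation fault (11)' "$1" 2>/dev/null || true
}

# Print the ruleset version with whitespace stripped, or "unknown" if unreadable.
ruleset_version() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; else printf 'unknown'; fi
}

# True when frame #0 of a saved gdb backtrace is msre_fn_removeWhitespace_execute.
crash_in_remove_whitespace() {
    grep -q '^#0 .* in msre_fn_removeWhitespace_execute ' "$1" 2>/dev/null
}

# triage VERSION_FILE ERROR_LOG [BACKTRACE_TXT] -> confirmed | suspect | no-match
triage() {
    ver=$(ruleset_version "$1")
    segv=$(count_segfaults "$2")
    case "$ver" in 2.25*) ;; *) echo "no-match"; return 0 ;; esac
    [ "${segv:-0}" -gt 0 ] || { echo "no-match"; return 0; }
    if [ -n "${3:-}" ] && crash_in_remove_whitespace "$3"; then
        echo "confirmed"   # 2.25 rules, segfaults logged, matching crash frame
    else
        echo "suspect"     # 2.25 rules and segfaults, but no backtrace evidence
    fi
}

# Constructed sample inputs; the segfault and backtrace lines are copied from the post.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '2.25\n' > "$demo/VERSION"
cat > "$demo/error_log" <<'EOF'
[core:notice] [pid 1933222:tid 47584928334912] AH00051: child pid 3832826 exit signal Segmentation fault (11)
[core:notice] [pid 1933222:tid 47584928334912] AH00094: Command line: '/usr/sbin/httpd'
EOF
cat > "$demo/bt.txt" <<'EOF'
Program terminated with signal 11, Segmentation fault.
#0 0x00002b4743927ad7 in msre_fn_removeWhitespace_execute () from /etc/apache2/modules/
EOF
triage "$demo/VERSION" "$demo/error_log" "$demo/bt.txt"
```

On a real server, pass the VERSION path given in the post, your Apache error log, and optionally a text file containing the gdb backtrace of the core dump.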
  1. 28.03.2019 17:03:42
  2. # 1
Vladimir Accepted Answer
Posts: 108
Joined: 04.07.2017

We've released the 2.26 rule set which shouldn't cause the SegFault.
  1. 29.03.2019 09:03:01
  2. # 2
Darryl Accepted Answer
Posts: 7
Joined: 25.04.2018

Can confirm this is fixed in 2.26, thanks!