size of the LMDB database file does not change

[dvmalygin]

Hello, I'm using ModSecurity-nginx with lmdb support and REQUEST-912-DOS-PROTECTION rule. The size of the lmdb database (modsec-shared-collections file) is always 1MB and does not change. To determine the actual size of the database, I used the commands described here: https://wiki.samba.org/index.php/Using_the_lmdb_database_backend

1MB size is not enough. Not all IP addresses are recorded in the database and "expire" does not work correctly. This is what an entry with "expire" looks like: key: 0x7f307db15d66 **ip_address**_85a8bfc5e4d8eebd5dee39313b7462b0aacedf6e::::dos_block, data: 0x7f307db15daa {"__expire_":1713440905,"__value_":"1"} The "dos_block" flag has an expiration date - the time until which the IP address is blocked.

This is what a record that blocks an IP address forever (without expiration date) looks like: key: 0x7f3444f23192 **ip_address**_4dc3eb4c759ce8aa387ad1a757061a314d369738::::dos_block, data: 0x7f3444f231d5 {"__value_":"1"}

Expire records stop being written to the lmdb database when there is a large number of IP addresses. I suspect that this is due to the lmdb database being full. Is it possible to increase the size of the lmdb database?

[airween]

Hi @dvmalygin,

thanks for reporting this issue.

You are right, database with 1MB couldn't be enough.

The simple solution would be using of mdb_env_set_mapsize() to set the expected size of database - but I'm not sure there is a valid value which would be good for everyone.

So I think the final solution would be that we create few new configuration directives which help us to control the database size - and place. (Now the database created in the root directory, of from where the admin starts the engine).

Something like

SecLMDBPath /path/to/database
SecLMDBSize 10485760  # size in bytes

What do you think?

[dvmalygin]

Thanks for your reply. It will be great :)