Closed shel3over closed 7 years ago
I am having similar core dumps --
$ gdb /usr/sbin/nginx.1.7.10+modsecurity.2.9.0-mod core.2874
warning: core file may not match specified executable file.
[New LWP 2874]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
warning: Skipping deprecated .gdb_index section in /usr/lib/debug/lib64/libz.so.1.2.7.debug.
Do "set use-deprecated-index-sections on" before the file is read
to use the section anyway.
Core was generated by `nginx: worker process '.
Program terminated with signal 11, Segmentation fault.
#0 ngx_http_chunked_body_filter (r=0x2cf3230, in=<optimized out>) at src/http/modules/ngx_http_chunked_filter_module.c:126
126 size += ngx_buf_size(cl->buf);
(gdb)
@gyoza, @shel3over thanks for the report.
is it something that is new to ModSecurity v2.9.0 or something that you was having on 2.8.0 as well ?
I am certain 2.8.0 had issues as well.
nginx[2823]: segfault at ffffffffffffffff ip 000000000045bd17 sp 00007fff784eb710 error 5 in nginx.modsecurity[400000+143000]
/usr/sbin/nginx.modsecurity -V
nginx version: nginx/1.7.9
built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --add-module=../modsecurity-2.8.0/nginx/modsecurity --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --with-http_ssl_module --with-pcre --with-debug
@gyoza did you tried the nginx_refactoring branch already?
https://github.com/SpiderLabs/ModSecurity/tree/nginx_refactoring
Trying it.
@gyoza code base is almost the same. I believe that it is ModSecurity v2.9.0-RC2 + a set of patches.
This set of patches may help you with those problems that you are mentioned. I will update it to v2.9.0 + patches as soon as possible.
Still getting dumps :(
$ gdb /usr/sbin/nginx.1.6.2+modsecurity.2.9.0-refactor core.18138
Reading symbols from /usr/sbin/nginx.1.6.2+modsecurity.2.9.0-refactor...done.
warning: core file may not match specified executable file.
[New LWP 18138]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
warning: Skipping deprecated .gdb_index section in /usr/lib/debug/lib64/libz.so.1.2.7.debug.
Do "set use-deprecated-index-sections on" before the file is read
to use the section anyway.
Core was generated by `nginx: worker process '.
Program terminated with signal 11, Segmentation fault.
#0 ngx_http_write_filter (r=0x19d61e0, in=0x2958c68) at src/http/ngx_http_write_filter_module.c:121
121 cl->buf = ln->buf;
(gdb) quit
$ nginx -V
nginx version: nginx/1.6.2
built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --add-module=../ModSecurity-git/nginx/modsecurity --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --with-pcre --with-debug
Keep in mind I also tried 1.7.10 with the refactor and had same filter module crash.
@zimmerle i tried different nginx versions and even nginx_refactoring and also modsec 2.8 and 2.9 always the same coredump with the same URL and random TCP connection reset
was an ubuntu 14.04 no idea if this related to some lib version used on ubuntu
I am using amazon linux FYI.
Also, unrelated, @shel3over we both have cats. awesome.
@gyoza for a quick test, can you disable the SecRequestBodyAccess?
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRequestBodyAccess
taken out you get this core dump.
Reading symbols from /usr/sbin/nginx.1.6.2+modsecurity.2.9.0-refactor...done.
Core was generated by `nginx: worker process '.
Program terminated with signal 11, Segmentation fault.
#0 0x0000000000458e8a in ngx_http_chunked_body_filter (r=0x9711e0, in=<optimized out>) at src/http/modules/ngx_http_chunked_filter_module.c:126
126 size += ngx_buf_size(cl->buf);
(gdb)
I think I am noticing a trend also, If i try to hit a non-existant php script with arguments it seems to cause this to happen more often.
for instance
/blog/index.php?hello-world - just jam on refresh and the segfault will happen.
Any updates?
I have the same problem. when I request to http://example.com/index.php then it OK. But when I request to http://example.com/ or http://example.com/logo.jpg then it throws a exception "worker process exited on signal 11 (core dumped)". please tell me why and how to fix this bugs??
I checked it is OK for nginx 1.4.6 + modsecurity_refactoring. But i don't known the later version which is Ok. I waste about one week for this bug. I think @zimmerle should early update the patches for modsecurity :)
Hi @taibd, thank you for your input.
if you go over the opened bugs will you see that nginx_refactoring is not solving all the problems and it may add some new bugs. That is the main reason why this branch was not merged into the mainline yet. nginx_refactoring is being constantly updated with the mainline code.
I had crashes using 1.4.7+latest refactor cloned today. Looks like maybe whatever changed from 1.4.6 to 1.4.7 is causing the problem ?
@gyoza, @zimmerle, Does anyone know what the recommended version of nginx and branch of modsecurity to build a working webserver on ubuntu 14.04? We're hitting this problem with a greenfield build and would like to get up and running asap.
Setting proxy_force_ranges on;
seems to work for us.
Setting proxy_force_ranges on; seems to work for us.
Helped to me, too. Nginx 1.8.0
proxy_force_ranges on; worked for me as well. Nginx 1.9.3 and modsec 2.9.0
Thanks for the workaraund.
@ryanrbftp Thanks for your workaraund, which saves me a lot of time!
Thanks! proxy_force_ranges worked! nginx 1.9.4, modsecurity 2.9.0
No longer a concern in libModSecurity. Marking it as won't fix for 2.x. Further information about libModSecurity available here: https://github.com/SpiderLabs/ModSecurity/tree/v3/master
I still have this problem with the latest version of mod security and nginx 1.12. Tried everything but didn't found a fix. Any other suggestions? As I see nginx refectory branch is very old and now it's not the solution.
Hi @intelbg, please move forward to the ModSecurity-nginx connector - www.github.com/SpiderLabs/ModSecurity-nginx
I have the installed the libmodsecurity, but nginx-connector seems to not find it. Can you please tell me why as I post to you the steps I follow:
315 git clone https://github.com/SpiderLabs/ModSecurity 316 cd ModSecurity/ 317 git checkout -b origin/v3/master 318 git submodule init 319 git submodule update 320 ./autogen.sh 321 ./configure 322 make 323 make install 324 cd .. 325 ll 326 cd nginx-1.12-new/
Here I have already downloaded nginx-connector and point the path to it:
327 CFLAGS+=-I/usr/include/httpd ./configure --prefix=/usr/local/nginx/ --error-log-path=/var/log/nginx/error.log --with-http_ssl_module --with-openssl=/root/openssl-1.0.2g/ --with-http_v2_module --add-module=/usr/local/compile/headers-more-nginx-module-0.29rc1 --add-module=/usr/local/src/ngx_pagespeed-release-1.11.33.1-beta --with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc --add-module=/usr/local/src/nginx-1.12-new/testcookie-nginx-module-master/ --with-http_geoip_module --add-module=/usr/local/src/nginx-1.12-new/nginx-module-vts-master/ --add-module=/usr/local/src/ModSecurity-nginx/ --add-module=/usr/local/src/ngx_devel_kit-0.2.19/
Here is what I have in /usr/local/modsecurity:
ls /usr/local/modsecurity/lib/ mod_security2.so
ls /usr/local/modsecurity/bin mlogc mlogc-batch-load.pl rules-updater.pl
Have I missed something?
@intelbg You should have something like below on your /usr/local/modsecurity/lib/ directory:
libmodsecurity.a libmodsecurity.la libmodsecurity.so -> libmodsecurity.so.3.0.0 libmodsecurity.so.3 -> libmodsecurity.so.3.0.0 libmodsecurity.so.3.0.0
If these files are not present, there's something wrong with your libModSecurity compilation / installation. Or, they might being placed on a different directory.
When compiling Nginx, make sure you point the configure options to where your nginx-connector is correctly located like: ./configure --add-module=/opt/ModSecurity-nginx
Alternatively, you can also try compiling Nginx with a dynamic libModSecurity module like: ./configure --add-dynamic-module=/opt/ModSecurity-nginx --with-compat
And then explicitly enable it on nginx.conf: load_module modules/ngx_http_modsecurity_module.so
EDIT: The compilation recipes here should help: https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes
@victorhora thank you about your reply. The steps you provided are exactly the steps I follow, but the question is why these libmodsecurity files are not present as there are not compilation errors. Here is the config.log from libmodsecurity compilation: