| Author |
|
mrussell
Joined: 08 May 2008
Posts: 5
|
 Posted: Fri 09 May '08 14:58 Post subject: Intermittent problems with Apache2.2.8 & modsecurity 2.5 |
 |
|
Hello all -
Weird problems here with intermittent Apache crashes. I'm running Apache2.2.8 & modsecurity 2.5.3 (both are the binary downloads from Apache Lounge). This message appears occasionally in Apache's error.log:
| Code: | | [notice] Parent: child process exited with status 3221225477 -- Restarting. |
The user gets a "Cannot find server"; if they refresh the browser a second later, all is well again. Our setup:
Windows Server 2003 SP2
Intel Xeon Processor
16 GB ram
MS VC++ 2008 redistributable installed
The server hosts a Tomcat web application. Apache is running mod_ssl, mod_proxy, and mod_security and basically sits in front of the Tomcat HTTP connector, does SSL, applies security filters, and proxies the traffic to Tomcat.
The problem only occurs when mod_security is running. I can reproduce the error somewhat consistently by quickly submitting the same form POST over and over again. It doesn't seem to be a mod_security rule, because the exact same request will work one moment and cause the crash the next. It seems to happen more often with POSTs with a lot of arguments.
I turned the logging all the way up to debug, and got a 400 MB logfile without a single error in it... the last entries before the crash are all normal. I've tried different Apache performance directives, but I'm starting to think the config isn't the problem.
Has anybody had a similar problem? Any advice is appreciated.
Thanks! |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Fri 09 May '08 15:07 Post subject: |
|
|
Do you run PHP? status 3221225477 looks like a reason that apache caused to restart. Often PHP extension causes that.
Do you run 64 bit OS? Otherwise Windows can handle only 4 GB of RAM. |
|
| Back to top |
|
mrussell
Joined: 08 May 2008
Posts: 5
|
| Posted: Fri 09 May '08 15:28 Post subject: |
|
|
James -
We're not running PHP... I did find some posts about that. But we don't have PHP installed on the box.
We're not running 64-bit Windows - we're running Server 2003 R2 Enterprise Edition - the max ram for x86 is 64Gb. |
|
| Back to top |
|
mrussell
Joined: 08 May 2008
Posts: 5
|
| Posted: Fri 09 May '08 16:10 Post subject: |
|
|
Apologies for the double-post... I just had a breakthrough. Setting "SecCacheTransformations Off" in mod_security config seems to prevent the error from happening.
It may degrade performance but this server shouldn't be under any seriously heavy load... I'm just keeping my fingers crossed and hoping it continues to work! Funny, I would have thought turning off caching would make things worse. |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Fri 09 May '08 18:58 Post subject: |
|
|
The caching issue is solved in ModSecurity 2.5.4 . After some testing I shall release it in the weekend.
Steffen |
|
| Back to top |
|
mrussell
Joined: 08 May 2008
Posts: 5
|
| Posted: Fri 09 May '08 20:41 Post subject: |
|
|
| That's great - thanks! |
|
| Back to top |
|
mrussell
Joined: 08 May 2008
Posts: 5
|
| Posted: Thu 29 May '08 22:09 Post subject: |
|
|
| For the record, modsecurity 2.5.4 didn't fix this issue - I still get intermittent crashes if SecCacheTransformations is on. I may file a bug report with the modsecurity devs. The fact that no one else in the world is having this problem makes me wonder about our environment, though! |
|
| Back to top |
|
