maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Thu 14 Jul '11 2:11 Post subject: How to tune mod_security 2.6 error msg?
After using mod_fcgid to run PHP scripts, the error messages appear. Before, it worked fine. My Apache version is 2.2.19.
The modsecurity logs show:
Code:
    ModSecurity: Failed to write to DBM file "C:/Apache2.2/logs/data/tmp/resource": Invalid argument
I searched Google, but can't find the solution...
What is the right argument?
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Thu 14 Jul '11 20:06
ModSecurity uses the SDBM library, which comes with the Apache Portable Runtime (APR). When using ModSecurity collections for anything beyond trivial use, you may quickly hit the arbitrary SDBM library limit of 1008 bytes. That limit is on the combined size of both the key and record length.
Solution: Use shorter keys, as they are stored in triplicate
--------------------------------
or (not recommended) recompile APR to support a higher storage limit:
within apr-util --> sdbm_private.h
set the block sizes to something like the following
Code:
    /* if the block/page size is increased, it breaks perl apr_sdbm_t
     * compatibility */
    #define DBLKSIZ 16384
    #define PBLKSIZ 8192
    #define PAIRMAX 8008 /* arbitrary on PBLKSIZ-N */
    #else
    #define DBLKSIZ 16384
    #define PBLKSIZ 8192
    #define PAIRMAX 10080 /* arbitrary on PBLKSIZ-N */
    #endif
    #define SPLTMAX 10
You now increased the SDBM library limit to 10080 bytes.
maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Sat 16 Jul '11 8:02
Where can I increase the SDBM library limit? Or do I need to compile it again?
James Blond wrote:
> You now increased the SDBM library limit to 10080 bytes.
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Sat 16 Jul '11 19:35
You can't increase it in the config.
James Blond wrote:
> Solution: Use shorter keys, as they are stored in triplicate
Changing the code and recompiling can lead to unexpected results with other stuff.
Can't you use shorter keys?
maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Sun 17 Jul '11 4:07
I am a newbie at mod_security.
Can you explain what a shorter key is? And how do I increase the limit?
Regards.
James Blond wrote:
> You can't increase it in the config.
> James Blond wrote:
> > Solution: Use shorter keys, as they are stored in triplicate
> Changing the code and recompiling can lead to unexpected results with other stuff.
> Can't you use shorter keys?
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Sun 17 Jul '11 21:11
There are some limitations on the size of the KEY used when creating collections. You should use %{remote_addr} with initcol instead of %{request_uri}. This will initiate/access a persistent collection and use the client's IP address as the key. Since %{request_uri} is redirected with fcgid, it might be longer than with the module where Apache resolves it.
maskego
Joined: 16 Apr 2010 Posts: 238
Posted: Fri 22 Jul '11 9:27
Can you give some files or examples? Such as file names... etc...
James Blond wrote:
> There are some limitations on the size of the KEY used when creating collections. You should use %{remote_addr} with initcol instead of %{request_uri}. This will initiate/access a persistent collection and use the client's IP address as the key. Since %{request_uri} is redirected with fcgid, it might be longer than with the module where Apache resolves it.
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Fri 22 Jul '11 10:19
This is just an example. I'm not using mod_sec myself.
Code:
    SecRule REQUEST_URI "^/path/to/script.pl$" phase:1,log,pass,ctl:debugLogLevel=9
In this example REQUEST_URI is used. Depending on your URLs, REQUEST_URI can be very long, so it might blow the SDBM library limit. So it might be better to use REMOTE_ADDR for blocking someone. Or use SecRule ARGS:variablename "something" phase:1,pass,ctl:debugLogLevel=9
But as I wrote above, I have little to no experience using mod_security.
Do you know which rule creates that error message?
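As an added example, not code from the thread or from ModSecurity's own rule sets, here is the pattern James describes in his last two posts: the persistent collection keyed on %{REQUEST_URI} next to the same collection keyed on %{REMOTE_ADDR}, and a per-client counter that uses it. SecDataDir is taken from the path in the error message; the rule ids, the login_attempts variable and the /login path are constructed.

```apache
# Added example, not from the thread. SecDataDir matches the directory in the
# original error message; rule ids, variable names and /login are constructed.
SecRuleEngine On
SecDataDir "C:/Apache2.2/logs/data/tmp"

# Weak: the persistent RESOURCE collection (file .../tmp/resource) is keyed on
# the full request URI. Behind mod_fcgid that URI can be long, and SDBM caps
# key plus record at PAIRMAX (1008 bytes by default), which is James's diagnosis.
#SecAction "phase:1,id:1001,nolog,pass,initcol:resource=%{REQUEST_URI}"

# Better: key the IP collection on the client address, which is short and
# bounded (at most 15 bytes for IPv4, 39 for IPv6), leaving room for the record.
SecAction "phase:1,id:1001,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Count login requests per client in the short-keyed collection and let the
# counter expire after ten minutes.
SecRule REQUEST_URI "@beginsWith /login" \
    "phase:2,id:1002,nolog,pass,setvar:ip.login_attempts=+1,expirevar:ip.login_attempts=600"

# Deny once a client exceeds 20 attempts in that window.
SecRule IP:LOGIN_ATTEMPTS "@gt 20" \
    "phase:2,id:1003,deny,status:403,log,msg:'Too many login attempts from %{REMOTE_ADDR}'"
```

To check which rule fills the collection, enable `ctl:debugLogLevel=9` on the suspected rule as James shows above and watch the debug log for the collection write.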