modsecurity nginx coredump

[shel3over]

2015/02/15 12:25:19 [notice] 4868#0: ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
2015/02/15 12:25:21 [notice] 4878#0: ModSecurity for nginx (STABLE)/2.9.0 (http://www.modsecurity.org/) configured.
2015/02/15 12:25:21 [notice] 4878#0: ModSecurity: APR compiled version="1.5.1-dev"; loaded version="1.5.1-dev"
2015/02/15 12:25:21 [notice] 4878#0: ModSecurity: PCRE compiled version="8.31 "; loaded version="8.31 2012-07-06"
2015/02/15 12:25:21 [notice] 4878#0: ModSecurity: LUA compiled version="Lua 5.1"
2015/02/15 12:25:21 [notice] 4878#0: ModSecurity: LIBXML compiled version="2.9.1"
2015/02/15 12:25:21 [notice] 4878#0: ModSecurity: Original server signature: ModSecurity Standalone
2015/02/15 12:25:21 [notice] 4878#0: ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
2015/02/15 12:25:21 [debug] 4880#0: epoll add event: fd:6 op:1 ev:00002001
2015/02/15 12:25:21 [debug] 4880#0: epoll add event: fd:7 op:1 ev:00002001
2015/02/15 12:25:35 [debug] 4880#0: post event 000000000172A5A0
2015/02/15 12:25:35 [debug] 4880#0: delete posted event 000000000172A5A0
2015/02/15 12:25:35 [debug] 4880#0: accept on 0.0.0.0:9090, ready: 0
2015/02/15 12:25:35 [debug] 4880#0: posix_memalign: 00000000016FFC70:256 @16
2015/02/15 12:25:35 [debug] 4880#0: *53 accept: 196.41.235.198 fd:4
2015/02/15 12:25:35 [debug] 4880#0: posix_memalign: 00000000016FFD80:256 @16
2015/02/15 12:25:35 [debug] 4880#0: *53 event timer add: 4: 60000:1423999595042
2015/02/15 12:25:35 [debug] 4880#0: *53 reusable connection: 1
2015/02/15 12:25:35 [debug] 4880#0: *53 epoll add event: fd:4 op:1 ev:80002001
2015/02/15 12:25:35 [debug] 4880#0: *53 post event 000000000172A6D8
2015/02/15 12:25:35 [debug] 4880#0: *53 delete posted event 000000000172A6D8
2015/02/15 12:25:35 [debug] 4880#0: *53 http wait request handler
2015/02/15 12:25:35 [debug] 4880#0: *53 malloc: 00000000016FFE90:1024
2015/02/15 12:25:35 [debug] 4880#0: *53 recv: fd:4 590 of 1024
2015/02/15 12:25:35 [debug] 4880#0: *53 reusable connection: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 posix_memalign: 00000000017002A0:4096 @16
2015/02/15 12:25:35 [debug] 4880#0: *53 http process request line
2015/02/15 12:25:35 [debug] 4880#0: *53 http request line: "GET /index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display HTTP/1.1"
2015/02/15 12:25:35 [debug] 4880#0: *53 http uri: "/index.php"
2015/02/15 12:25:35 [debug] 4880#0: *53 http args: "q=&q=&l=&m=&option=com_finder&task=jobs.display"
2015/02/15 12:25:35 [debug] 4880#0: *53 http exten: "php"
2015/02/15 12:25:35 [debug] 4880#0: *53 http process request header line
2015/02/15 12:25:35 [debug] 4880#0: *53 http header: "Host: www.localhost.com:9090"
2015/02/15 12:25:35 [debug] 4880#0: *53 http header: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"
2015/02/15 12:25:35 [debug] 4880#0: *53 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2015/02/15 12:25:35 [debug] 4880#0: *53 http header: "Accept-Language: en-US,en;q=0.5"
2015/02/15 12:25:35 [debug] 4880#0: *53 http header: "Accept-Encoding: gzip, deflate"
2015/02/15 12:25:35 [debug] 4880#0: *53 http header: "Cookie: 670e2aeda114e17c2a9366bc0985c190=9lv67bfhkadnuur9ttm4ctgbr2; _ga=GA1.2.27578087.1423928221; cd717b2c44775918f48c367a6a32f30c=sVpfI2bDKibfa4s9.grxd9DIIvm78ogZysG1i; 9317d58b08847e9f711d4f7c96794057=cnd2fq3ndb9tkur0f8ial5uao0; _gat=1"
2015/02/15 12:25:35 [debug] 4880#0: *53 http header: "Connection: keep-alive"
2015/02/15 12:25:35 [debug] 4880#0: *53 http header done
2015/02/15 12:25:35 [debug] 4880#0: *53 event timer del: 4: 1423999595042
2015/02/15 12:25:35 [debug] 4880#0: *53 rewrite phase: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 test location: "/"
2015/02/15 12:25:35 [debug] 4880#0: *53 using configuration "/"
2015/02/15 12:25:35 [debug] 4880#0: *53 http cl:-1 max:1048576
2015/02/15 12:25:35 [debug] 4880#0: *53 rewrite phase: 2
2015/02/15 12:25:35 [debug] 4880#0: *53 post rewrite phase: 3
2015/02/15 12:25:35 [debug] 4880#0: *53 generic phase: 4
2015/02/15 12:25:35 [debug] 4880#0: *53 modSecurity: handler
2015/02/15 12:25:35 [debug] 4880#0: *53 add cleanup: 00000000017011F0
2015/02/15 12:25:35 [debug] 4880#0: *53 posix_memalign: 00000000017012B0:4096 @16
2015/02/15 12:25:35 [debug] 4880#0: *53 add cleanup: 0000000001701240
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Host: www.localhost.com:9090"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Accept-Language: en-US,en;q=0.5"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Accept-Encoding: gzip, deflate"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Cookie: 670e2aeda114e17c2a9366bc0985c190=9lv67bfhkadnuur9ttm4ctgbr2; _ga=GA1.2.27578087.1423928221; cd717b2c44775918f48c367a6a32f30c=sVpfI2bDKibfa4s9.grxd9DIIvm78ogZysG1i; 9317d58b08847e9f711d4f7c96794057=cnd2fq3ndb9tkur0f8ial5uao0; _gat=1"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Connection: keep-alive"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in done
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: status -1
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: status -1
2015/02/15 12:25:35 [debug] 4880#0: *53 generic phase: 5
2015/02/15 12:25:35 [debug] 4880#0: *53 generic phase: 6
2015/02/15 12:25:35 [debug] 4880#0: *53 access phase: 7
2015/02/15 12:25:35 [debug] 4880#0: *53 access: C6EB29C4 FFFFFFFF C6EB29C4
2015/02/15 12:25:35 [debug] 4880#0: *53 access phase: 8
2015/02/15 12:25:35 [debug] 4880#0: *53 post access phase: 9
2015/02/15 12:25:35 [debug] 4880#0: *53 http init upstream, client timer: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 epoll add event: fd:4 op:3 ev:80002005
2015/02/15 12:25:35 [debug] 4880#0: *53 http script copy: "Host: "
2015/02/15 12:25:35 [debug] 4880#0: *53 http script var: "www.localhost.com"
2015/02/15 12:25:35 [debug] 4880#0: *53 http script copy: "
"
2015/02/15 12:25:35 [debug] 4880#0: *53 http script copy: "X-Real-IP: "
2015/02/15 12:25:35 [debug] 4880#0: *53 http script var: "196.41.235.198"
2015/02/15 12:25:35 [debug] 4880#0: *53 http script copy: "
"
2015/02/15 12:25:35 [debug] 4880#0: *53 http script copy: "Connection: close
"
2015/02/15 12:25:35 [debug] 4880#0: *53 http script copy: ""
2015/02/15 12:25:35 [debug] 4880#0: *53 http script copy: ""
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Accept-Language: en-US,en;q=0.5"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Accept-Encoding: gzip, deflate"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Cookie: 670e2aeda114e17c2a9366bc0985c190=9lv67bfhkadnuur9ttm4ctgbr2; _ga=GA1.2.27578087.1423928221; cd717b2c44775918f48c367a6a32f30c=sVpfI2bDKibfa4s9.grxd9DIIvm78ogZysG1i; 9317d58b08847e9f711d4f7c96794057=cnd2fq3ndb9tkur0f8ial5uao0; _gat=1"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header:
"GET /index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display HTTP/1.0
Host: www.localhost.com
X-Real-IP: 196.41.235.198
Connection: close
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: 670e2aeda114e17c2a9366bc0985c190=9lv67bfhkadnuur9ttm4ctgbr2; _ga=GA1.2.27578087.1423928221; cd717b2c44775918f48c367a6a32f30c=sVpfI2bDKibfa4s9.grxd9DIIvm78ogZysG1i; 9317d58b08847e9f711d4f7c96794057=cnd2fq3ndb9tkur0f8ial5uao0; _gat=1

"
2015/02/15 12:25:35 [debug] 4880#0: *53 http cleanup add: 0000000001701D38
2015/02/15 12:25:35 [debug] 4880#0: *53 get rr peer, try: 1
2015/02/15 12:25:35 [debug] 4880#0: *53 socket 9
2015/02/15 12:25:35 [debug] 4880#0: *53 epoll add connection: fd:9 ev:80002005
2015/02/15 12:25:35 [debug] 4880#0: *53 connect to 10.0.3.10:80, fd:9 #54
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream connect: -2
2015/02/15 12:25:35 [debug] 4880#0: *53 posix_memalign: 0000000001702390:128 @16
2015/02/15 12:25:35 [debug] 4880#0: *53 event timer add: 9: 60000:1423999595042
2015/02/15 12:25:35 [debug] 4880#0: *53 http finalize request: -4, "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display" a:1, c:2
2015/02/15 12:25:35 [debug] 4880#0: *53 http request count:2 blk:0
2015/02/15 12:25:35 [debug] 4880#0: *53 post event 000000000173DEE8
2015/02/15 12:25:35 [debug] 4880#0: *53 post event 000000000173DF50
2015/02/15 12:25:35 [debug] 4880#0: *53 delete posted event 000000000173DF50
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream request: "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display"
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream send request handler
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream send request
2015/02/15 12:25:35 [debug] 4880#0: *53 chain writer buf fl:1 s:607
2015/02/15 12:25:35 [debug] 4880#0: *53 chain writer in: 0000000001701D70
2015/02/15 12:25:35 [debug] 4880#0: *53 writev: 607
2015/02/15 12:25:35 [debug] 4880#0: *53 chain writer out: 0000000000000000
2015/02/15 12:25:35 [debug] 4880#0: *53 event timer del: 9: 1423999595042
2015/02/15 12:25:35 [debug] 4880#0: *53 event timer add: 9: 60000:1423999595044
2015/02/15 12:25:35 [debug] 4880#0: *53 delete posted event 000000000173DEE8
2015/02/15 12:25:35 [debug] 4880#0: *53 http run request: "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display"
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream check client, write event:1, "/index.php"
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream recv(): -1 (11: Resource temporarily unavailable)
2015/02/15 12:25:35 [debug] 4880#0: *53 post event 000000000172A740
2015/02/15 12:25:35 [debug] 4880#0: *53 post event 000000000173DF50
2015/02/15 12:25:35 [debug] 4880#0: *53 delete posted event 000000000173DF50
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream request: "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display"
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream dummy handler
2015/02/15 12:25:35 [debug] 4880#0: *53 delete posted event 000000000172A740
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream request: "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display"
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream process header
2015/02/15 12:25:35 [debug] 4880#0: *53 malloc: 0000000001705BB0:4096
2015/02/15 12:25:35 [debug] 4880#0: *53 recv: fd:9 165 of 4096
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy status 303 "303 See other"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Server: nginx"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Date: Sun, 15 Feb 2015 11:25:35 GMT"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Content-Type: text/html; charset=utf-8"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Connection: close"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header: "Location: /offres-d-emploi"
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy header done
2015/02/15 12:25:35 [debug] 4880#0: *53 modSecurity: header filter
2015/02/15 12:25:35 [debug] 4880#0: *53 http cacheable: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 http proxy filter init s:303 h:0 c:0 l:-1
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream process upstream
2015/02/15 12:25:35 [debug] 4880#0: *53 pipe read upstream: 1
2015/02/15 12:25:35 [debug] 4880#0: *53 pipe preread: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 readv: 1:3931
2015/02/15 12:25:35 [debug] 4880#0: *53 pipe recv chain: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 pipe buf free s:0 t:1 f:0 0000000001705BB0, pos 0000000001705C55, size: 0 file: 0, size: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 pipe length: -1
2015/02/15 12:25:35 [debug] 4880#0: *53 pipe write downstream: 1
2015/02/15 12:25:35 [debug] 4880#0: *53 pipe write downstream done
2015/02/15 12:25:35 [debug] 4880#0: *53 event timer: 9, old: 1423999595044, new: 1423999595166
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream exit: 0000000000000000
2015/02/15 12:25:35 [debug] 4880#0: *53 finalize http upstream request: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 finalize http proxy request
2015/02/15 12:25:35 [debug] 4880#0: *53 free rr peer 1 0
2015/02/15 12:25:35 [debug] 4880#0: *53 close http upstream connection: 9
2015/02/15 12:25:35 [debug] 4880#0: *53 free: 0000000001702390, unused: 48
2015/02/15 12:25:35 [debug] 4880#0: *53 event timer del: 9: 1423999595044
2015/02/15 12:25:35 [debug] 4880#0: *53 reusable connection: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 http upstream temp fd: -1
2015/02/15 12:25:35 [debug] 4880#0: *53 http output filter "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display"
2015/02/15 12:25:35 [debug] 4880#0: *53 http copy filter: "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display"
2015/02/15 12:25:35 [debug] 4880#0: *53 modSecurity: body filter
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Host: www.localhost.com:9090"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Accept-Language: en-US,en;q=0.5"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Accept-Encoding: gzip, deflate"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Cookie: 670e2aeda114e17c2a9366bc0985c190=9lv67bfhkadnuur9ttm4ctgbr2; _ga=GA1.2.27578087.1423928221; cd717b2c44775918f48c367a6a32f30c=sVpfI2bDKibfa4s9.grxd9DIIvm78ogZysG1i; 9317d58b08847e9f711d4f7c96794057=cnd2fq3ndb9tkur0f8ial5uao0; _gat=1"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in: "Connection: keep-alive"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers in done
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers out: "Location: /offres-d-emploi"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers out: "Content-Type: text/html; charset=utf-8"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers out: "Location: /offres-d-emploi"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers out: "Connection: keep-alive"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: load headers out done
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: status 0
2015/02/15 12:25:35 [debug] 4880#0: *53 posix_memalign: 0000000001706BC0:4096 @16
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in: "Host: www.localhost.com:9090"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in: "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in: "Accept-Language: en-US,en;q=0.5"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in: "Accept-Encoding: gzip, deflate"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in: "Cookie: 670e2aeda114e17c2a9366bc0985c190=9lv67bfhkadnuur9ttm4ctgbr2; _ga=GA1.2.27578087.1423928221; cd717b2c44775918f48c367a6a32f30c=sVpfI2bDKibfa4s9.grxd9DIIvm78ogZysG1i; 9317d58b08847e9f711d4f7c96794057=cnd2fq3ndb9tkur0f8ial5uao0; _gat=1"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in: "Connection: keep-alive"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers in done
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers out: "Location: /offres-d-emploi"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers out: "Content-Type: text/html; charset=utf-8"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers out: "Connection: keep-alive"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers out: "Server: EWS"
2015/02/15 12:25:35 [debug] 4880#0: *53 ModSecurity: save headers out done
2015/02/15 12:25:35 [debug] 4880#0: *53 HTTP/1.1 303 See other
Date: Sun, 15 Feb 2015 11:25:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: /offres-d-emploi
Server: EWS

2015/02/15 12:25:35 [debug] 4880#0: *53 write new buf t:1 f:0 00000000017070B8, pos 00000000017070B8, size: 196 file: 0, size: 0
2015/02/15 12:25:35 [debug] 4880#0: *53 http write filter: l:0 f:0 s:196
2015/02/15 12:25:35 [debug] 4880#0: *53 http postpone filter "/index.php?q=&q=&l=&m=&option=com_finder&task=jobs.display" 0000000001702280
2015/02/15 12:25:35 [debug] 4880#0: *53 http chunk: 0
2015/02/15 12:25:35 [debug] 4881#0: epoll add event: fd:6 op:1 ev:00002001
2015/02/15 12:25:35 [debug] 4881#0: epoll add event: fd:7 op:1 ev:00002001
2015/02/15 12:25:35 [alert] 1266#0: worker process 4880 exited on signal 11 (core dumped)

[gyoza]

I am having similar core dumps --

$ gdb /usr/sbin/nginx.1.7.10+modsecurity.2.9.0-mod core.2874
warning: core file may not match specified executable file.
[New LWP 2874]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

warning: Skipping deprecated .gdb_index section in /usr/lib/debug/lib64/libz.so.1.2.7.debug.
Do "set use-deprecated-index-sections on" before the file is read
to use the section anyway.
Core was generated by `nginx: worker process                   '.
Program terminated with signal 11, Segmentation fault.
#0  ngx_http_chunked_body_filter (r=0x2cf3230, in=<optimized out>) at src/http/modules/ngx_http_chunked_filter_module.c:126
126             size += ngx_buf_size(cl->buf);
(gdb)

[zimmerle]

@gyoza, @shel3over thanks for the report.

is it something that is new to ModSecurity v2.9.0 or something that you was having on 2.8.0 as well ?

[gyoza]

I am certain 2.8.0 had issues as well.

 nginx[2823]: segfault at ffffffffffffffff ip 000000000045bd17 sp 00007fff784eb710 error 5 in nginx.modsecurity[400000+143000]

/usr/sbin/nginx.modsecurity -V
nginx version: nginx/1.7.9
built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --add-module=../modsecurity-2.8.0/nginx/modsecurity --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --with-http_ssl_module --with-pcre --with-debug

[zimmerle]

@gyoza did you tried the nginx_refactoring branch already?

https://github.com/SpiderLabs/ModSecurity/tree/nginx_refactoring

[gyoza]

Trying it.

[zimmerle]

@gyoza code base is almost the same. I believe that it is ModSecurity v2.9.0-RC2 + a set of patches.

This set of patches may help you with those problems that you are mentioned. I will update it to v2.9.0 + patches as soon as possible.

[gyoza]

Still getting dumps :(

$ gdb /usr/sbin/nginx.1.6.2+modsecurity.2.9.0-refactor core.18138
Reading symbols from /usr/sbin/nginx.1.6.2+modsecurity.2.9.0-refactor...done.
warning: core file may not match specified executable file.
[New LWP 18138]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

warning: Skipping deprecated .gdb_index section in /usr/lib/debug/lib64/libz.so.1.2.7.debug.
Do "set use-deprecated-index-sections on" before the file is read
to use the section anyway.
Core was generated by `nginx: worker process                   '.
Program terminated with signal 11, Segmentation fault.
#0  ngx_http_write_filter (r=0x19d61e0, in=0x2958c68) at src/http/ngx_http_write_filter_module.c:121
121             cl->buf = ln->buf;
(gdb) quit
$ nginx -V
nginx version: nginx/1.6.2
built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --add-module=../ModSecurity-git/nginx/modsecurity --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-ipv6 --with-pcre --with-debug

[gyoza]

Keep in mind I also tried 1.7.10 with the refactor and had same filter module crash.

[shel3over]

@zimmerle i tried different nginx versions and even nginx_refactoring and also modsec 2.8 and 2.9
always the same coredump with the same URL and random TCP connection reset

was an ubuntu 14.04 no idea if this related to some lib version used on ubuntu

[gyoza]

I am using amazon linux FYI.

Also, unrelated, @shel3over we both have cats. awesome.

[zimmerle]

@gyoza for a quick test, can you disable the SecRequestBodyAccess?

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecRequestBodyAccess

[gyoza]

taken out you get this core dump.

Reading symbols from /usr/sbin/nginx.1.6.2+modsecurity.2.9.0-refactor...done.
Core was generated by `nginx: worker process                   '.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000458e8a in ngx_http_chunked_body_filter (r=0x9711e0, in=<optimized out>) at src/http/modules/ngx_http_chunked_filter_module.c:126
126             size += ngx_buf_size(cl->buf);
(gdb)

I think I am noticing a trend also, If i try to hit a non-existant php script with arguments it seems to cause this to happen more often.

for instance

/blog/index.php?hello-world - just jam on refresh and the segfault will happen.

[gyoza]

Any updates?

[taibd]

I have the same problem. when I request to http://example.com/index.php then it OK. But when I request to http://example.com/ or http://example.com/logo.jpg then it throws a exception "worker process exited on signal 11 (core dumped)".
please tell me why and how to fix this bugs??

[taibd]

I checked it is OK for nginx 1.4.6 + modsecurity_refactoring. But i don't known the later version which is Ok. I waste about one week for this bug. I think @zimmerle should early update the patches for modsecurity :)

[zimmerle]

Hi @taibd, thank you for your input.

if you go over the opened bugs will you see that nginx_refactoring is not solving all the problems and it may add some new bugs. That is the main reason why this branch was not merged into the mainline yet. nginx_refactoring is being constantly updated with the mainline code.

[gyoza]

I had crashes using 1.4.7+latest refactor cloned today. Looks like maybe whatever changed from 1.4.6 to 1.4.7 is causing the problem ?

[jondb]

@gyoza, @zimmerle, Does anyone know what the recommended version of nginx and branch of modsecurity to build a working webserver on ubuntu 14.04? We're hitting this problem with a greenfield build and would like to get up and running asap.

[ryanrbftp]

Setting proxy_force_ranges on; seems to work for us.

[xaionaro]

Setting proxy_force_ranges on; seems to work for us.

Helped to me, too. Nginx 1.8.0

[bdargan]

proxy_force_ranges on; worked for me as well. Nginx 1.9.3 and modsec 2.9.0

[ThecaTTony]

Thanks for the workaraund.

[daniellansun]

@ryanrbftp Thanks for your workaraund, which saves me a lot of time!

[metheoryt]

Thanks! proxy_force_ranges worked! nginx 1.9.4, modsecurity 2.9.0

[zimmerle]

No longer a concern in libModSecurity. Marking it as won't fix for 2.x. Further information about libModSecurity available here:
https://github.com/SpiderLabs/ModSecurity/tree/v3/master

[intelbg]

I still have this problem with the latest version of mod security and nginx 1.12. Tried everything but didn't found a fix. Any other suggestions? As I see nginx refectory branch is very old and now it's not the solution.

[zimmerle]

Hi @intelbg, please move forward to the ModSecurity-nginx connector - www.github.com/SpiderLabs/ModSecurity-nginx

[intelbg]

I have the installed the libmodsecurity, but nginx-connector seems to not find it. Can you please tell me why as I post to you the steps I follow:

315 git clone https://github.com/SpiderLabs/ModSecurity
316 cd ModSecurity/
317 git checkout -b origin/v3/master
318 git submodule init
319 git submodule update
320 ./autogen.sh
321 ./configure
322 make
323 make install
324 cd ..
325 ll
326 cd nginx-1.12-new/

• Here I have already downloaded nginx-connector and point the path to it:

327 CFLAGS+=-I/usr/include/httpd ./configure --prefix=/usr/local/nginx/ --error-log-path=/var/log/nginx/error.log --with-http_ssl_module --with-openssl=/root/openssl-1.0.2g/ --with-http_v2_module --add-module=/usr/local/compile/headers-more-nginx-module-0.29rc1 --add-module=/usr/local/src/ngx_pagespeed-release-1.11.33.1-beta --with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc --add-module=/usr/local/src/nginx-1.12-new/testcookie-nginx-module-master/ --with-http_geoip_module --add-module=/usr/local/src/nginx-1.12-new/nginx-module-vts-master/ --add-module=/usr/local/src/ModSecurity-nginx/ --add-module=/usr/local/src/ngx_devel_kit-0.2.19/

Here is what I have in /usr/local/modsecurity:

ls /usr/local/modsecurity/lib/
mod_security2.so

ls /usr/local/modsecurity/bin
mlogc mlogc-batch-load.pl rules-updater.pl

Have I missed something?

[victorhora]

@intelbg You should have something like below on your /usr/local/modsecurity/lib/ directory:

libmodsecurity.a
libmodsecurity.la
libmodsecurity.so -> libmodsecurity.so.3.0.0
libmodsecurity.so.3 -> libmodsecurity.so.3.0.0
libmodsecurity.so.3.0.0

If these files are not present, there's something wrong with your libModSecurity compilation / installation. Or, they might being placed on a different directory.

When compiling Nginx, make sure you point the configure options to where your nginx-connector is correctly located like: ./configure --add-module=/opt/ModSecurity-nginx

Alternatively, you can also try compiling Nginx with a dynamic libModSecurity module like: ./configure --add-dynamic-module=/opt/ModSecurity-nginx --with-compat

And then explicitly enable it on nginx.conf: load_module modules/ngx_http_modsecurity_module.so

EDIT: The compilation recipes here should help: https://github.com/SpiderLabs/ModSecurity/wiki/Compilation-recipes

[intelbg]

@victorhora thank you about your reply. The steps you provided are exactly the steps I follow, but the question is why these libmodsecurity files are not present as there are not compilation errors. Here is the config.log from libmodsecurity compilation:

https://pastebin.com/TU1Fm6S7