Spontaneous CPU Spikes #991

Closed
hcanning2014 opened this issue Dec 7, 2015 · 5 comments

@hcanning2014

Hi,
Running
WHM 11.52.1 (build 3)
cPanel Version 11.52.1 (build 3)
Apache Version 2.2.31
PHP Version 5.6.13
MySQL Version 5.5.46-cll
OWASP Ruleset - latest. (WHM auto updates)

with Mod Security 2.9.0 and getting tonnes of errors which I assume are causing immediate CPU spikes from 2% to 100% for 1-2 hours. Got 100% CPU twice today for 1.5 hours approx.

Getting these errors in error log... about 50,000 lines of these errors since Dec 1st in fact.

[Mon Dec 07 13:22:56 2015] [error] [client 96.230.109.34] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXOgC03n6cABqiOE8cAAAEM"]
[Mon Dec 07 13:23:08 2015] [error] [client 96.230.109.34] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXOjC03n6cABqiOE9MAAAEA"]
[Mon Dec 07 13:23:08 2015] [error] [client 96.230.109.34] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXOjC03n6cABqiPExkAAAAQ"]
[Mon Dec 07 13:23:18 2015] [error] [client 180.76.15.20] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/assets/resourceimages/resource69/DSC.Minutes.11.3.15.docx"] [unique_id "VmXOli03n6cABqj1LG4AAABH"]
[Mon Dec 07 13:23:22 2015] [error] [client 66.249.75.114] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXOmi03n6cABqj1LG8AAABL"]
[Mon Dec 07 13:23:23 2015] [error] [client 66.249.75.98] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/cgi-sys/defaultwebpage.cgi"] [unique_id "VmXOmy03n6cABqiPExsAAAAF"]
[Mon Dec 07 13:23:26 2015] [error] [client 172.56.22.61] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXOni03n6cABqj1LHAAAABU"]
[Mon Dec 07 13:23:27 2015] [error] [client 172.56.22.61] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/calendar/index.php"] [unique_id "VmXOny03n6cABqj1LHEAAABG"]
[Mon Dec 07 13:23:30 2015] [error] [client 208.115.113.88] ModSecurity: Rule processing failed. [hostname "mysite.org"] [uri "/tech_programs/drafting_cad"] [unique_id "VmXOoi03n6cABqiOE@EAAAEG"]
[Mon Dec 07 13:24:01 2015] [error] [client 96.230.109.34] ModSecurity: Rule processing failed. [hostname "mysite.org"] [uri "/"] [unique_id "VmXOwS03n6cABqiOE@cAAAEQ"]
[Mon Dec 07 13:24:03 2015] [error] [client 40.76.87.39] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "317"] [id "960009"] [rev "1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: msoid.mysite.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "msoid.mysite.org"] [uri "/FPURL.xml"] [unique_id "VmXOwy03n6cABqiNEjwAAADL"]
[Mon Dec 07 13:24:03 2015] [error] [client 40.76.87.39] File does not exist: /usr/local/apache/htdocs/FPURL.xml
[Mon Dec 07 13:24:34 2015] [error] [client 178.137.89.181] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO4i03n6cABqiOE-EAAAEE"]
[Mon Dec 07 13:24:34 2015] [error] [client 178.137.89.181] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.mysite.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO4i03n6cABqiOE-EAAAEE"]
[Mon Dec 07 13:24:34 2015] [error] [client 178.137.89.181] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO4i03n6cABqj1LIsAAABF"]
[Mon Dec 07 13:24:34 2015] [error] [client 178.137.89.181] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.mysite.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO4i03n6cABqj1LIsAAABF"]
[Mon Dec 07 13:24:35 2015] [error] [client 178.137.89.181] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.mysite.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO4y03n6cABqiNEj4AAADN"]
[Mon Dec 07 13:24:35 2015] [error] [client 178.137.89.181] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.mysite.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO4y03n6cABqj1LIwAAABQ"]
[Mon Dec 07 13:24:36 2015] [error] [client 178.137.89.181] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.mysite.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO5C03n6cABqj1LI0AAABV"]
[Mon Dec 07 13:24:36 2015] [error] [client 178.137.89.181] ModSecurity: Warning. Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "299"] [id "960015"] [rev "3"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "Host: www.mysite.org"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO5C03n6cABqj1LI4AAABW"]
[Mon Dec 07 13:24:46 2015] [error] [client 73.218.27.232] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXO7i03n6cABqj1LI8AAABS"]
[Mon Dec 07 13:25:01 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "283"] [id "960008"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/whm-server-status"] [unique_id "VmXO-S03n6cABqj1LKAAAABK"]
[Mon Dec 07 13:25:01 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "317"] [id "960009"] [rev "1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/whm-server-status"] [unique_id "VmXO-S03n6cABqj1LKAAAABK"]
[Mon Dec 07 13:25:01 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "35"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5): Request Missing a User Agent Header"] [tag "Host: "] [tag "event-correlation"] [hostname "server1.bhrhost.com"] [uri "/whm-server-status"] [unique_id "VmXO-S03n6cABqj1LKAAAABK"]
[Mon Dec 07 13:26:13 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "283"] [id "960008"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/"] [unique_id "VmXPRS03n6cABqiPEyAAAAAC"]
[Mon Dec 07 13:26:13 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "317"] [id "960009"] [rev "1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/"] [unique_id "VmXPRS03n6cABqiPEyAAAAAC"]
[Mon Dec 07 13:26:13 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "35"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5): Request Missing a User Agent Header"] [tag "Host: "] [tag "event-correlation"] [hostname "server1.bhrhost.com"] [uri "/index.html"] [unique_id "VmXPRS03n6cABqiPEyAAAAAC"]
[Mon Dec 07 13:27:57 2015] [error] [client 193.111.140.153] ModSecurity: Rule processing failed. [hostname "www.bhrhost.com"] [uri "/robots.txt"] [unique_id "VmXPrS03n6cABqiOFAcAAAEM"]
[Mon Dec 07 13:27:57 2015] [error] [client 193.111.140.153] File does not exist: /usr/local/apache/htdocs/robots.txt
[Mon Dec 07 13:28:17 2015] [error] [client 96.230.109.34] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXPwS03n6cABqiPEyIAAAAD"]
[Mon Dec 07 13:28:17 2015] [error] [client 108.7.46.17] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXPwS03n6cABqj1LKUAAABB"]
[Mon Dec 07 13:29:52 2015] [error] [client 157.55.39.91] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/athletics/"] [unique_id "VmXQIC03n6cABqiNEkMAAADS"]
[Mon Dec 07 13:30:01 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "283"] [id "960008"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/whm-server-status"] [unique_id "VmXQKS03n6cABqj1LLgAAABW"]
[Mon Dec 07 13:30:01 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "317"] [id "960009"] [rev "1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/whm-server-status"] [unique_id "VmXQKS03n6cABqj1LLgAAABW"]
[Mon Dec 07 13:30:01 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "35"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5): Request Missing a User Agent Header"] [tag "Host: "] [tag "event-correlation"] [hostname "server1.bhrhost.com"] [uri "/whm-server-status"] [unique_id "VmXQKS03n6cABqj1LLgAAABW"]
[Mon Dec 07 13:30:17 2015] [error] [client 66.249.69.99] ModSecurity: Rule processing failed. [hostname "old.mysite.org"] [uri "/athletics/football/"] [unique_id "VmXQOS03n6cABqiPEy4AAAAC"]
[Mon Dec 07 13:31:09 2015] [error] [client 96.230.109.34] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXQbS03n6cABqj1LLsAAABT"]
[Mon Dec 07 13:31:10 2015] [error] [client 96.230.109.34] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXQbi03n6cABqiOFAsAAAEO"]
[Mon Dec 07 13:31:14 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "283"] [id "960008"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/"] [unique_id "VmXQci03n6cABqj1LLwAAABA"]
[Mon Dec 07 13:31:14 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/REQUEST-20-PROTOCOL-ENFORCEMENT.conf"] [line "317"] [id "960009"] [rev "1"] [msg "Request Missing a User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "Host: "] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "server1.bhrhost.com"] [uri "/"] [unique_id "VmXQci03n6cABqj1LLwAAABA"]
[Mon Dec 07 13:31:14 2015] [error] [client 127.0.0.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/local/apache/conf/modsec_vendor_configs/OWASP/rules/RESPONSE-80-CORRELATION.conf"] [line "35"] [id "981204"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5): Request Missing a User Agent Header"] [tag "Host: "] [tag "event-correlation"] [hostname "server1.bhrhost.com"] [uri "/index.html"] [unique_id "VmXQci03n6cABqj1LLwAAABA"]
[Mon Dec 07 13:31:18 2015] [error] [client 180.76.15.139] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/gallery/1980"] [unique_id "VmXQdi03n6cABqiPEy8AAAAE"]
[Mon Dec 07 13:31:30 2015] [error] [client 123.125.71.54] ModSecurity: Rule processing failed. [hostname "www.mysite.org"] [uri "/"] [unique_id "VmXQgi03n6cABqiPEzAAAAAL"]
[Mon Dec 07

@zimmerle
Contributor

zimmerle commented Dec 9, 2015

Hi @hcanning2014,

Please use gist [1] to paste the DebugLog contents.

Can you paste the first lines of ModSecurity initialization? It should be something similar to:

[...] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
[...] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.2"
[...] ModSecurity: Loaded APR do not match with compiled!
[...] ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
[...] ModSecurity: YAJL compiled version="2.1.0"
[...] ModSecurity: LIBXML compiled version="2.9.2"
[...] ModSecurity: StatusEngine call: "2.9.0,Apache/2.4.12 (Ubuntu),1.5.1/1.5.2,8.35/8.35 2014-04-04,(null),2.9.2,eedae4ca89d23873c0b8f1c77d69121ffe3e6f94"
[...] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/

[1] https://gist.github.com/

@hcanning2014
Author

Hi,
Totally new to debugging modsecurity. By DebugLog do you mean modsec_debug_log? If so, that file is empty at /usr/local/apache/logs
Sorry for my ignorance.
Thanks

@zimmerle
Contributor

zimmerle commented Dec 9, 2015

Hi @hcanning2014,

No worries. You can enable the debug log with the directive "SecDebugLog" [1]. There is also another directive that you need to enable; it is called "SecDebugLogLevel" [2]. Your configuration should look something similar to:

SecDebugLog /path/to/some/tmp/dir/file.txt
SecDebugLogLevel 9

Once you have done that, restart your webserver, perform the request(s) that should be blocked and check the content of the file pointed to by SecDebugLog.

Apart from this DebugLog thing, once you start ModSecurity it should create lines similar to the ones that I posted above, those should appear in your Apache error log. Your problem could be a simple "version mismatch".

[1] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecDebugLog
[2] https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecDebugLogLevel
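
A log-triage sketch for the two checks discussed in the comments above (an added example, not part of the thread and not ModSecurity's own code): it reads the startup banner for libraries whose compiled and loaded versions differ, and counts "Rule processing failed" entries per URI. The sample log is constructed from the line formats shown in this thread, with placeholder client and host values; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the startup banner format quoted in the thread, followed
# by two "Rule processing failed" entries with placeholder client/host values.
SAMPLE_LOG = '''\
[...] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
[...] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.2"
[...] ModSecurity: PCRE compiled version="8.35 "; loaded version="8.35 2014-04-04"
[...] ModSecurity: YAJL compiled version="2.1.0"
[Mon Dec 07 13:22:56 2015] [error] [client 192.0.2.10] ModSecurity: Rule processing failed. [hostname "www.example.org"] [uri "/"] [unique_id "constructed-1"]
[Mon Dec 07 13:23:08 2015] [error] [client 192.0.2.10] ModSecurity: Rule processing failed. [hostname "www.example.org"] [uri "/calendar/index.php"] [unique_id "constructed-2"]
'''

# Banner line: library name, compiled version, and (optionally) loaded version.
BANNER = re.compile(
    r'ModSecurity: (?P<lib>\w+) compiled version="(?P<compiled>[^"]*)"'
    r'(?:; loaded version="(?P<loaded>[^"]*)")?')

# Failure line: the non-greedy match stops at the entry's own [uri "..."],
# so it also works when entries have been run together on one line.
FAILED = re.compile(
    r'\[client (?P<client>[^\]]+)\] ModSecurity: Rule processing failed\.'
    r'.*?\[uri "(?P<uri>[^"]*)"\]')


def _version_number(raw):
    """PCRE prints '8.35 ' compiled and '8.35 2014-04-04' loaded: keep the number."""
    parts = raw.split()
    return parts[0] if parts else ""


def version_mismatches(log_text):
    """Return {library: (compiled, loaded)} for libraries whose versions differ."""
    mismatches = {}
    for m in BANNER.finditer(log_text):
        if m["loaded"] is None:          # e.g. YAJL reports only a compiled version
            continue
        compiled = _version_number(m["compiled"])
        loaded = _version_number(m["loaded"])
        if compiled != loaded:
            mismatches[m["lib"]] = (compiled, loaded)
    return mismatches


def failed_by_uri(log_text):
    """Count 'Rule processing failed' entries per request URI."""
    return Counter(m["uri"] for m in FAILED.finditer(log_text))


if __name__ == "__main__":
    print("version mismatches:", version_mismatches(SAMPLE_LOG))
    print("failures by URI:", dict(failed_by_uri(SAMPLE_LOG)))
```
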

@hcanning2014
Author

OK, that's posted. Never used gist before. Can you pull up the code?

@zimmerle
Contributor

Hi @hcanning2014, I am assuming that you managed to solve the problem. Do you mind sharing more details about what happened? I will close the issue as it seems to not be an issue anymore.
