Fixed deny not work in response phase, Fixed debug log message #36

Merged
merged 1 commit into from
Feb 1, 2013

chaizhenhua
Contributor

No description provided.

@brenosilva
Contributor

Hello chaizhenhua,

The patch looks good. I will test it.
Let me know if you have any idea about the AuditLog issue (seg fault) when we enable serial logging. Looks like we cannot use apr_global_mutexes*() functions. So my first idea was to use fopen/fcntl/fwrite/fclose functions to try to control the write operation.
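
The fcntl idea raised in the comment above, as an added C example that is not part of this thread or of ModSecurity: each worker process takes a blocking fcntl() write lock around a multi-part record, so records from different workers never interleave in the shared log. It uses open/write instead of fopen/fwrite to avoid stdio buffering; the file name, record layout and function names are assumptions.

```c
/* Added sketch, not ModSecurity code: names and record layout are assumed. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Take (F_WRLCK) or release (F_UNLCK) a whole-file advisory lock, blocking. */
static int log_lock(int fd, short type) {
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0 };
    return fcntl(fd, F_SETLKW, &fl);
}
/* Append one record as three separate writes while holding the lock. */
static int write_record(int fd, int worker, int seq) {
    static const char *fmt[] = { "--%d-%d-A--\n", "body %d-%d\n", "--%d-%d-Z--\n" };
    char buf[64];
    int ok = log_lock(fd, F_WRLCK) == 0;   /* blocks until the lock is granted */
    for (int p = 0; p < 3 && ok; p++) {
        int n = snprintf(buf, sizeof buf, fmt[p], worker, seq);
        ok = write(fd, buf, (size_t)n) == n;
    }
    log_lock(fd, F_UNLCK);                 /* harmless if the lock was never taken */
    return ok ? 0 : -1;
}
/* Fork workers that append `per` records each; return the count read back intact. */
int run_workers(const char *path, int workers, int per) {
    char a[64], b[64], z[64], ea[64], ez[64];
    int good = 0, w, s;
    FILE *f;
    unlink(path);
    for (w = 0; w < workers; w++) {
        if (fork() == 0) {   /* worker: opens its own descriptor, like a separate process */
            int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0600), rc = fd < 0;
            for (int i = 0; !rc && i < per; i++) rc = write_record(fd, w, i) != 0;
            _exit(rc);
        }
    }
    while (wait(NULL) > 0) {}
    if (!(f = fopen(path, "r"))) return -1;
    while (fgets(a, sizeof a, f) && fgets(b, sizeof b, f) && fgets(z, sizeof z, f)) {
        if (sscanf(b, "body %d-%d", &w, &s) != 2) continue;
        snprintf(ea, sizeof ea, "--%d-%d-A--\n", w, s);   /* expected header line */
        snprintf(ez, sizeof ez, "--%d-%d-Z--\n", w, s);   /* expected trailer line */
        if (!strcmp(a, ea) && !strcmp(z, ez)) good++;
    }
    fclose(f);
    return good;
}
int main(void) { printf("%d intact\n", run_workers("audit-demo.log", 4, 200)); return 0; }
```

fcntl() locks are advisory and per-process: they only protect against writers that take the same lock, and a process drops them when it closes any descriptor for the file.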

@chaizhenhua
Contributor Author

Hi Breno,

I can't reproduce the bug. The apr_global_mutexes APIs already have the APR_LOCK_FCNTL option; maybe we can use it.
Below is my modsecurity.conf. In nginx.conf I set worker_processes to 4, and no core files were created.

SecRuleEngine  On
SecRule REQUEST_METHOD "GET" "phase:2,log,deny,id:100000"
SecAuditEngine On
SecAuditLog "/usr/local/nginx/logs/audit.log"
SecAuditLogParts ABCFGHIZ
SecAuditLogType Serial
SecAuditLogStorageDir logs/audit
SecAuditLogRelevantStatus ^(?:5|4(?!04))

@brenosilva
Contributor

Hello Chai,

I'm still seeing "2013/01/27 05:40:50 [alert] 30628#0: worker process 30629 exited on signal 11" in error.log when I enable the audit log. Did you compile APR manually? What options did you use?

Thanks

@brenosilva
Contributor

Let me know the values you have in apr.h:

#define APR_USE_FLOCK_SERIALIZE           1 
#define APR_USE_SYSVSEM_SERIALIZE         0
#define APR_USE_POSIXSEM_SERIALIZE        0
#define APR_USE_FCNTL_SERIALIZE           0 
#define APR_USE_PROC_PTHREAD_SERIALIZE    0 
#define APR_USE_PTHREAD_SERIALIZE         0 
#define APR_HAS_FLOCK_SERIALIZE           1
#define APR_HAS_SYSVSEM_SERIALIZE         1
#define APR_HAS_POSIXSEM_SERIALIZE        1
#define APR_HAS_FCNTL_SERIALIZE           1
#define APR_HAS_PROC_PTHREAD_SERIALIZE    1
#define APR_PROCESS_LOCK_IS_GLOBAL        0

@chaizhenhua
Contributor Author

This is my apr.h file. I installed APR using yum install apr*

/* This file is here to prevent a file conflict on multiarch systems.  A
 * conflict will occur because apr.h has arch-specific definitions.
 *
 * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */

#if defined(__i386__)
#include "apr-i386.h"
#elif defined(__ia64__)
#include "apr-ia64.h"
#elif defined(__powerpc64__)
#include "apr-ppc64.h"
#elif defined(__powerpc__)
#include "apr-ppc.h"
#elif defined(__s390x__)
#include "apr-s390x.h"
#elif defined(__s390__)
#include "apr-s390.h"
#elif defined(__x86_64__)
#include "apr-x86_64.h"
#else
#error "This apr-devel package does not work your architecture?"
#endif

And this is apr-x86_64.h:

......
#define APR_HAVE_SHMEM_MMAP_TMP     1
#define APR_HAVE_SHMEM_MMAP_SHM     0
#define APR_HAVE_SHMEM_MMAP_ZERO    1
#define APR_HAVE_SHMEM_SHMGET_ANON  1
#define APR_HAVE_SHMEM_SHMGET       1
#define APR_HAVE_SHMEM_MMAP_ANON    1
#define APR_HAVE_SHMEM_BEOS         0

#define APR_USE_SHMEM_MMAP_TMP     0
#define APR_USE_SHMEM_MMAP_SHM     0
#define APR_USE_SHMEM_MMAP_ZERO    0
#define APR_USE_SHMEM_SHMGET_ANON  0
#define APR_USE_SHMEM_SHMGET       1
#define APR_USE_SHMEM_MMAP_ANON    1
#define APR_USE_SHMEM_BEOS         0

#define APR_USE_FLOCK_SERIALIZE           0
#define APR_USE_SYSVSEM_SERIALIZE         1
#define APR_USE_POSIXSEM_SERIALIZE        0
#define APR_USE_FCNTL_SERIALIZE           0
#define APR_USE_PROC_PTHREAD_SERIALIZE    0
#define APR_USE_PTHREAD_SERIALIZE         1

#define APR_HAS_FLOCK_SERIALIZE           1
#define APR_HAS_SYSVSEM_SERIALIZE         1
#define APR_HAS_POSIXSEM_SERIALIZE        1
#define APR_HAS_FCNTL_SERIALIZE           1
#define APR_HAS_PROC_PTHREAD_SERIALIZE    1

#define APR_PROCESS_LOCK_IS_GLOBAL        0

#define APR_HAVE_CORKABLE_TCP   1
#define APR_HAVE_GETRLIMIT      1

@brenosilva
Contributor

Not sure why it is working on your side. It is crashing here:

Program terminated with signal 11, Segmentation fault.
#0 0x0089b775 in apr_global_mutex_lock () from /usr/lib/libapr-1.so.0
(gdb) where
#0 0x0089b775 in apr_global_mutex_lock () from /usr/lib/libapr-1.so.0
#1 0x080e0083 in sec_audit_logger (msr=0x97025f8) at ../apache2/msc_logging.c:579
#2 0x080e599d in modsecurity_process_phase_logging (msr=0x97025f8, phase=5) at ../apache2/modsecurity.c:691

brenosilva added a commit that referenced this pull request Feb 1, 2013
Fixed deny not work in response phase, Fixed debug log message
@brenosilva brenosilva merged commit 34d5289 into owasp-modsecurity:remotes/trunk Feb 1, 2013

@brenosilva
Contributor

What is your Linux distro? I would like to install it and reproduce.

Thanks

@brenosilva
Contributor

It should be related to the x86_64 platform too. I don't have it for testing but hope a guy in the community would help me.

@chaizhenhua
Contributor Author

Hi Breno,
I'm using Fedora 17 x86_64.
