Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Investigate a mechanism for centralized/shared persistent storage #378

rcbarnett opened this Issue · 6 comments

3 participants


MODSEC-224: For distributed environments, we need to extend the persistent storage mechanism to allow for centralized logging. This would allow individual ModSec installs to access a central storage location for initcol, setsid, setuid actions. One option may be to look at memcached.

Possible directives would be:

SecPersistentStorage Local|Centralized

  • Local would be the way it is currently with local SDBM files
  • Centralized would use something like a memcached server(s)

SecCentralizedStorageHost hostname|ip

  • would define where the memcached server is, etc...
@zimmerle zimmerle was assigned

Original reporter: rbarnett

@rcbarnett I have seen that in the beta release of http 2.3 there is now also a memcache implementation for the SSL Sessioncache (modules/cache/mod_socache_memcache.c). Maybe some part of the Code can be reused?

@rcbarnett I tested kyoto tycoon which can be used as an alternative for memcached and has also a replication feature built in, memcached protocol is supported.


rbarnett: there is an Apache module that implements this -

We could re-use some data.


This functionality is under test under the branch:

This test implementation is using memcache to store the collections values. The memcache server can be informed by the utilization of the following configuration option:

SecPersistentStorage memcache "--SERVER=your.server.ip.addrs."

If SecPersistentStorage was not informed or if is set to "local" the collection will be stored on the sdbm files.


Anyone know the current status of this feature? This type of feature would be awesome for people who want to use multiple embedded solutions. Apache 2.4 (as people have mentioned) supports this type of functionality for SSL cache and 2.4 is now in Debian stable (8.0).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.