-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nginx/1.7.2 with modsecurity-2.8.0 high cpu load #793
Comments
Hi again, here is the back trace of the worker who hangs: After the worker hangs the strace and ltrace don't output anything. |
This back trace is from refactoring branch |
Hi @Pilotat, do you have others nginx modules installed in this intense? or just the ModSecurity module? It happens 100% of the time? |
Hi @zimmerle, our nginx is build with: The request that we make is: Every single curl request like the one provided triggers this issue, when SecRequestBodyAccess is enabled. |
No longer a concern in libModSecurity. Marking it as won't fix for 2.x. Further information about libModSecurity available here: |
When i want to use mod securtiy for filtering REQUEST_BODY i must enable SecRequestBodyAccess in order to be able to filet the requests.
When i set 'SecRequestBodyAccess On' when i make POST request with post data not bigger than a word the nginx worker hags at 100% CPU usage and does nothing. I tried to strace the worker and it seems to make 3 read from /dev/urandom and then does nothing.
Even if i have no rules that process REQUEST_BODY with SecRequestBodyAccess enabled the worker uses 100% CPU.
If i disable SecRequestBodyAccess there is no such problem but filters that include REQUEST_BODY are NOT working.
The text was updated successfully, but these errors were encountered: