Skip to content

remove Nginx ModSecurityPass command #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jan 11, 2013
Merged

remove Nginx ModSecurityPass command #27

merged 7 commits into from
Jan 11, 2013

Conversation

chaizhenhua
Copy link
Contributor

  • move modsecurity handler to PREACCESS phase and remove ModSecurityPass command, so that nginx.conf looks cleaner:
location xxxx {
    ModSecurityEnabled on;
    ModSecurityConfig modsecurity.conf;
    ModSecurityPass yyyy;
}
location yyyy {
    fastcgi_pass zzzz;
}

becomes

location xxxx {
    ModSecurityEnabled on;
    ModSecurityConfig modsecurity.conf;
    fastcgi_pass  yyyy;
}
  • fix log level
  • and clean up some code

@brenosilva
Copy link
Contributor

Hello,

Could you fix this compilation issue:
../modsecurity-apache_2.7.2/nginx/modsecurity//ngx_http_modsecurity.c:346:25: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]

Also when i type sbin/nginx -s stop... got this in error.log
2013/01/10 04:19:16 [notice] 18008#0: signal process started
*** glibc detected *** nginx: worker process: free(): invalid pointer: 0xb7124c00 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x73e42)[0xb7205e42]
nginx: worker process[0x80e126b]
/usr/lib/libapr-1.so.0(+0x19aae)[0xb76beaae]
/usr/lib/libapr-1.so.0(apr_pool_destroy+0x52)[0xb76bdc54]
nginx: worker process[0x80ac180]
nginx: worker process[0x80ab1d9]
nginx: worker process[0x8068828]
nginx: worker process[0x8068a9e]
nginx: worker process[0x806731f]
nginx: worker process[0x80680e2]
nginx: worker process[0x806911d]
nginx: worker process[0x804e59d]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb71ab4d3]
nginx: worker process[0x804d211]
======= Memory map: ========
08048000-0811d000 r-xp 00000000 08:02 622103 /usr/local/nginx/sbin/nginx
0811d000-0811e000 r--p 000d4000 08:02 622103 /usr/local/nginx/sbin/nginx
0811e000-08127000 rw-p 000d5000 08:02 622103 /usr/local/nginx/sbin/nginx

Can you reproduce it ?

Thanks

Breno

@brenosilva
Copy link
Contributor

Also... when i send multiple requests like this one:

POST http://192.168.0.110/acao.php
Host: 192.168.0.110
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://192.168.0.103/
Content-Type: application/x-www-form-urlencoded
Content-Length: 16

price123=1001116

Sometimes the page is not loaded ... i'm using live http (firefox) to replay the transaction and the browser just keep loading the transaction. It does not happen in ModSecurityPass directive.

This my nginx.conf configuration

server_name 192.168.0.110

location / {
ModSecurityEnabled on;
ModSecurityConfig modsecurity.conf;
ModSecurityPass @backend;
}

location @backend {
proxy_pass http://192.168.0.103:80;
proxy_read_timeout 180s;
}

Thanks

Breno

@chaizhenhua
Copy link
Contributor Author

hello,
I can't reproduce invalid pointer error. did it always happen when you stop nginx ? others have been fixed

@brenosilva
Copy link
Contributor

Hello,

Yes.. this is always happening when execute nginx -s stop. Should it be related to apr_pool_destroy() you added ?
I think apr_terminate() will call it internally and will destroy the pools.

@chaizhenhua
Copy link
Contributor Author

hello,

in file apache2/msc_pcre.c:24, msc_pcre_cleanup() free regex->pe twice. and pcre_malloc has been set to modsec_pcre_malloc in nginx, so the first free is invalid. i think this is the problem.

static apr_status_t msc_pcre_cleanup(msc_regex_t *regex) {
    if (regex != NULL) {
        if (regex->pe != NULL) {
            free(regex->pe);
            regex->pe = NULL;
        }
        if (regex->re != NULL) {
            pcre_free(regex->re);
            regex->re = NULL;
        }
    }

    return APR_SUCCESS;
}

@brenosilva
Copy link
Contributor

Just take a look at pull #22. I'm seeing a lot of seg faults when run ab. Maybe this issue could be related to this issue in pull #22 ?

@brenosilva
Copy link
Contributor

I'm going to build a new VM and redo my tests. My current VM is not 100%. Let's see

@brenosilva
Copy link
Contributor

I can confirm the issues in a fresh VM.

@brenosilva
Copy link
Contributor

OK. the bug (ab related one ) disappeared when disable SecAuditEngine... should be related to https://www.modsecurity.org/tracker/browse/MODSEC-374

The sbin/nginx -s stop disappeared too in this new VM. So looks good... but i will do some more tests.

brenosilva added a commit that referenced this pull request Jan 11, 2013
@brenosilva
Merge pull request #27 from chaizhenhua/read_client_request_body
54245c9 
remove Nginx ModSecurityPass command
@brenosilva brenosilva merged commit 54245c9 into owasp-modsecurity:remotes/trunk Jan 11, 2013
@brenosilva
Copy link
Contributor

Patch looks good. Applied. Thanks

@udf2457 udf2457 mentioned this pull request Feb 11, 2016
Closed
@Menahem1 Menahem1 mentioned this pull request Feb 11, 2017
Closed
@majordaw majordaw mentioned this pull request Sep 26, 2017
Closed
@monkburger monkburger mentioned this pull request Mar 10, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chaizhenhua @brenosilva