headers
Stelio Gouveia | 4 Jan 13:50
Favicon

Re: large resource.pag (16GB)

Hi Folks

On Fri, Dec 11, 2009 at 8:00 PM, Brian Rectanus <Brian.Rectanus <at> breach.com> wrote:
Ryan Barnett wrote:
> On Friday 11 December 2009 03:49:05 am Stelio Gouveia wrote:
>> Hi All
>>
>> I've had disk utilization hovering around 100%, after stracing apache i
>>  found that is frequently opens resource.pag, this makes sense so far as i
>>  make use of modsecurity and apache uses this as some sort of swap file.
>>
> Did you create any custom rules that use the resource collection or is the
> only reference to it the initcol action at the end of the
> modsecurity_crs_10_global.conf file?

I make use of the resource collection to track requests to a given script.
 
>
>> But the file size is 16 GB, does this sound right?
>>
> No, that is huge which makes me think that perhaps your rules are adding data
> to the resource file.
>
>> Would i see apache performance degradation because of a large resource.pag?
>>
> Perhaps yes.

How much RAM+swap is on the box?  This huge file could be causing the
machine to swap heavily if much of it is loaded into RAM.  Stop Apache,
remove the resource.* files (or move them out of the way), then restart
Apache.

The performance improved significantly after removing and recreating the the resource.* files. But this is just an interim solution.
 

I am curious how much and how fast it grows.  As Ryan asked, are you
using the collection in custom rules?  If so, you may need to be
expiring data at a more aggressive rate.  How much traffic are you seeing?

From the 4th of Dec '09 to 4th Jan '10, i've seen this file grow to 395MB. Of course this growth rate would vary depending on my traffic volumes.

I create my resource counter on the first request and then make it deprecate itself by 1 each 600 seconds, then make sure the counter expires after 3600 seconds.
But i'm not so sure that the expiry is happening.

My sec rule which does the above looks like such:
SecRule ARGS:mac "!^$" phase:2,nolog,pass,setvar:resource.score=+1,deprecatevar:resource.score=1/600,expirevar:resource.score=3600

Any obvious problems with this line which could be causing the resource.pag to continue growing?

- Stelio
 

thanks,
-B

--
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
Return on Information:
Google Enterprise Search pays you back
Get the facts.
http://p.sf.net/sfu/google-dev2dev
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html



--
Regards
Stelio Gouveia
--
Skyrove Software Engineer,
Skyrove (Pty) Ltd
Technology Top 100 Award Winner (2006)
Mobile: +27 82 34 09 120
Tel: +27 861 ROVERS (0861 768 377)
Fax: +27 86 6204077
Email & Gtalk: stelio <at> skyrove.com
Web:   www.skyrove.com

This message contains confidential information. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message.
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 2 comments |
headers
Christian Bockermann | 4 Jan 14:13

Re: large resource.pag (16GB)

Hi Stelio!

Am 04.01.2010 um 13:50 schrieb Stelio Gouveia:
> 
> From the 4th of Dec '09 to 4th Jan '10, i've seen this file grow to 395MB. Of course this growth rate would vary
depending on my traffic volumes.
> 
> I create my resource counter on the first request and then make it deprecate itself by 1 each 600 seconds,
then make sure the counter expires after 3600 seconds.
> But i'm not so sure that the expiry is happening.
> 
> My sec rule which does the above looks like such:
> SecRule ARGS:mac "!^$" phase:2,nolog,pass,setvar:resource.score=+1,deprecatevar:resource.score=1/600,expirevar:resource.score=3600
> 
> Any obvious problems with this line which could be causing the resource.pag to continue growing?
> 

Calling "expirevar" might always reset the timer. IIRC I had a similar issue like this
some time ago when working on request-limits. Some details on this can be found here:

   https://secure.jwall.org/blog/2009/07/19/1248004300834.html

As part of that I wrote a tool for viewing collections, which is parts of my current 
distribution of the jwall-tools, available at

     https://secure.jwall.org/download/jwall-tools.jar

Simply calling

     java -jar jwall-tools.jar  collections /path/to/data-dir

should provide you with a view of the current collections. This might be useful for
getting some debugging info. 
To have the collections being continuously refreshed from disk and displayed, simply
add the "--refresh 1" option:

    java -jar jwall-tools.jar  collections --refresh 1 /path/to/data-dir

Best regards,

    Chris
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 1 comment |
headers
Stelio Gouveia | 4 Jan 14:51
Favicon

Re: large resource.pag (16GB)

Hi Christian, great to hear from you.


And seasons greetings to the list.

Christian: I will try this later and fill everyone in with my findings. Suppose i would look for active collections which haven't expired and are older than 1 hour.

- Stelio

On Mon, Jan 4, 2010 at 3:13 PM, Christian Bockermann <chris <at> jwall.org> wrote:
Hi Stelio!

Am 04.01.2010 um 13:50 schrieb Stelio Gouveia:
>
> From the 4th of Dec '09 to 4th Jan '10, i've seen this file grow to 395MB. Of course this growth rate would vary depending on my traffic volumes.
>
> I create my resource counter on the first request and then make it deprecate itself by 1 each 600 seconds, then make sure the counter expires after 3600 seconds.
> But i'm not so sure that the expiry is happening.
>
> My sec rule which does the above looks like such:
> SecRule ARGS:mac "!^$" phase:2,nolog,pass,setvar:resource.score=+1,deprecatevar:resource.score=1/600,expirevar:resource.score=3600
>
> Any obvious problems with this line which could be causing the resource.pag to continue growing?
>


Calling "expirevar" might always reset the timer. IIRC I had a similar issue like this
some time ago when working on request-limits. Some details on this can be found here:

  https://secure.jwall.org/blog/2009/07/19/1248004300834.html

As part of that I wrote a tool for viewing collections, which is parts of my current
distribution of the jwall-tools, available at

    https://secure.jwall.org/download/jwall-tools.jar


Simply calling

    java -jar jwall-tools.jar  collections /path/to/data-dir


should provide you with a view of the current collections. This might be useful for
getting some debugging info.
To have the collections being continuously refreshed from disk and displayed, simply
add the "--refresh 1" option:

   java -jar jwall-tools.jar  collections --refresh 1 /path/to/data-dir


Best regards,

   Chris



--
Regards
Stelio Gouveia
--
Skyrove Software Engineer,
Skyrove (Pty) Ltd
Technology Top 100 Award Winner (2006)
Mobile: +27 82 34 09 120
Tel: +27 861 ROVERS (0861 768 377)
Fax: +27 86 6204077
Email & Gtalk: stelio <at> skyrove.com
Web:   www.skyrove.com

This message contains confidential information. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message.
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
argo | 4 Jan 17:21
Picon

Re: POST vars disappears

 <argolnx <at> gmail.com> writes:

> 
> My server is a CentOS updated server, running mod_security 2.5.9 (using EPEL 
yumrepo).After installing this i've found that a call from a provider (i think 
is madeusing a http call from .NET) don't pass anymore the paramters in the POST 
scope.I've found that even including only modsecurity_crs_10_config.conf the 
problemappears, so I've created a whitelist entry on the top of the file for 
source IPbut I want to understand what is the problem.Could someone help me?I've 
taken some examples using post_log apache module:Without mod_security (i've 
marked some XXX for privacy)==70370b74==============================Request: 
84.55.xx.xx 212.249.xx.xx - - [22/Dec/2009:19:05:42 +0100] "POST
> /gateway/mobilex.cfm HTTP/1.1" 200 5313 "-" "NTH 
Gateway/5.43.1"DejKlFQ3wEsAACZVMBAAAAAA "-"Handler: jrun-handler----------------
------------------------POST /gateway/mobilex.cfm HTTP/1.1
> User-Agent: NTH Gateway/5.43.1Connection: CloseContent-Type: application/x-
www-form-urlencodedHost: 84.55.xx.xxAccept: text/html, image/gif, image/jpeg, *; 
q=.2, */*; q=.2Content-Length: 142142
> 
destination=5555&messageid=6740368&keyword=FFF&sender=0041795244021&time=2009.12
.22+19%3A06%3A04&text=fff+lungo+50+test&provider=22802&header=HTTP/1.1 200 
OKConnection: closeTransfer-Encoding: chunked
> Content-Type: text/html; charset=UTF-8With 
mod_security:==1c8fee30==============================Request: 84.55.xx.xx 
212.249.xx.xx - - [22/Dec/2009:18:56:42 +0100] "POST/gateway/mobilex.cfm 
HTTP/1.1" 500 8467 "-" "NTH Gateway/5.43.1"
> 7bMmnFQ3wEsAACS <at> MF4AAAAB "-"Handler: jrun-handler------------------------
----------------POST /gateway/mobilex.cfm HTTP/1.1User-Agent: NTH 
Gateway/5.43.1Connection: CloseContent-Type: application/x-www-form-urlencoded
> Host: 84.55.xx.xxAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; 
q=.2Content-Length: 1420HTTP/1.1 500 The required parameter DESTINATION was not 
provided.server-error: trueContent-Length: 8467
> Connection: closeContent-Type: text/html; charset=UTF-8
> 
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> 
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> http://www.modsecurity.org/breach/index.html
> 

Finally i've found the problem.
post_log is not fully compatible with mod_security; after post_log was removed 
the system runs fine.

But it's not the end... you have to check out that mlogc is not the same on both 
of the 2 rpm releases (one for CentOS and the other for Fedora).

On my CentOS 5.4 the CentOS' release is not working fine (mlogc is freezing and 
I have to kill it from another term). So finally I've installed on CentOS the 
Fedora release without post_log and all is working fine.

Bye

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 1 comment |
headers
Ivan Ristic | 4 Jan 19:47
Picon

Re: POST vars disappears

I am glad you've solved your problem.

I am not familiar with the post_log module you mention. Where did you
get it from?

On Mon, Jan 4, 2010 at 4:21 PM, argo <argolnx <at> gmail.com> wrote:
>  <argolnx <at> gmail.com> writes:
>
>>
>> My server is a CentOS updated server, running mod_security 2.5.9 (using EPEL
> yumrepo).After installing this i've found that a call from a provider (i think
> is madeusing a http call from .NET) don't pass anymore the paramters in the POST
> scope.I've found that even including only modsecurity_crs_10_config.conf the
> problemappears, so I've created a whitelist entry on the top of the file for
> source IPbut I want to understand what is the problem.Could someone help me?I've
> taken some examples using post_log apache module:Without mod_security (i've
> marked some XXX for privacy)==70370b74==============================Request:
> 84.55.xx.xx 212.249.xx.xx - - [22/Dec/2009:19:05:42 +0100] "POST
>> /gateway/mobilex.cfm HTTP/1.1" 200 5313 "-" "NTH
> Gateway/5.43.1"DejKlFQ3wEsAACZVMBAAAAAA "-"Handler: jrun-handler----------------
> ------------------------POST /gateway/mobilex.cfm HTTP/1.1
>> User-Agent: NTH Gateway/5.43.1Connection: CloseContent-Type: application/x-
> www-form-urlencodedHost: 84.55.xx.xxAccept: text/html, image/gif, image/jpeg, *;
> q=.2, */*; q=.2Content-Length: 142142
>>
> destination=5555&messageid=6740368&keyword=FFF&sender=0041795244021&time=2009.12
> .22+19%3A06%3A04&text=fff+lungo+50+test&provider=22802&header=HTTP/1.1 200
> OKConnection: closeTransfer-Encoding: chunked
>> Content-Type: text/html; charset=UTF-8With
> mod_security:==1c8fee30==============================Request: 84.55.xx.xx
> 212.249.xx.xx - - [22/Dec/2009:18:56:42 +0100] "POST/gateway/mobilex.cfm
> HTTP/1.1" 500 8467 "-" "NTH Gateway/5.43.1"
>> 7bMmnFQ3wEsAACS <at> MF4AAAAB "-"Handler: jrun-handler------------------------
> ----------------POST /gateway/mobilex.cfm HTTP/1.1User-Agent: NTH
> Gateway/5.43.1Connection: CloseContent-Type: application/x-www-form-urlencoded
>> Host: 84.55.xx.xxAccept: text/html, image/gif, image/jpeg, *; q=.2, */*;
> q=.2Content-Length: 1420HTTP/1.1 500 The required parameter DESTINATION was not
> provided.server-error: trueContent-Length: 8467
>> Connection: closeContent-Type: text/html; charset=UTF-8
>>
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev
>>
>> _______________________________________________
>> mod-security-users mailing list
>> mod-security-users <at> lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> Commercial ModSecurity Appliances, Rule Sets and Support:
>> http://www.modsecurity.org/breach/index.html
>>
>
>
> Finally i've found the problem.
> post_log is not fully compatible with mod_security; after post_log was removed
> the system runs fine.
>
> But it's not the end... you have to check out that mlogc is not the same on both
> of the 2 rpm releases (one for CentOS and the other for Fedora).
>
> On my CentOS 5.4 the CentOS' release is not working fine (mlogc is freezing and
> I have to kill it from another term). So finally I've installed on CentOS the
> Fedora release without post_log and all is working fine.
>
> Bye
>
>
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev
> _______________________________________________
> mod-security-users mailing list
> mod-security-users <at> lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Appliances, Rule Sets and Support:
> http://www.modsecurity.org/breach/index.html
>

--

-- 
Ivan Ristic
ModSecurity Handbook [https://www.feistyduck.com]
SSL Labs [https://www.ssllabs.com/ssldb/]

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Brian Rectanus | 4 Jan 23:37

Re: Does mod_security 1.9.5 work with 64-bit unix?


Peter M. Abraham wrote:
> Greetings:
> 
> We and many of our colleagues use a hosting automation system where Apache
> 1.3 (Apache, like mySQL maintains several production lines) is still the
> flavor and will be for a number of years to come.
> 
> Are there any adjustments that need to be made to mod_security.c under Mod
> Security 1.9.5 for it to compile under CentOS 5.4 64-bit when using Apache
> 1?

What automation system are you using that is not at least Apache 2.0
compatible?

> 
>> -----Original Message-----
>> From: Peter M. Abraham [mailto:support.team <at> dynamicnet.net]
>> Sent: Friday, December 18, 2009 9:24 AM
>> To: 'mod-security-users <at> lists.sourceforge.net'
>> Subject: Does mod_security 1.9.5 work with 64-bit unix?
>>
>> Greetings:
>>
>> Apache 1 is still extremely popular.

The last release was 2 years ago, so probably not *that* popular ;)

>>
>> A recent compile attempt of mod_security.c on a CentOS 5.4 64-bit failed
> to compile with
>> a number of errors.

Please post the full errors so that a solution may be found.

>>
>> Does mod_security 1.9.5 work with 64-bit unix?

I don't believe that 1.9 was ever tested on a 64-bit platform.

>>
>> If not, can it be adjusted to work with 64-bit versions of already
> supported operating
>> systems?

Perhaps someone on this list has it working (if so please post a patch
and/or instructions)?

We cannot support 1.9 anymore (the platform and code base are too
radically different that I just do not have the resources).  Perhaps if
you *must* use Apache 1.3, you could place an Apache 2.2 version in
front of it as a reverse proxy and put a recent version of ModSecurity
on that?

-B

--

-- 
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 1 comment |
headers
Peter M. Abraham | 5 Jan 01:43
Favicon

Re: Does mod_security 1.9.5 work with 64-bit unix?

Greetings Brian:

We are on H-Sphere 3.0.0 P9.

And while H-Sphere 3.1 forward (Parallels maintains several product lines like mySQL,  Apache, etc.  --
most of which is considered stable and alive) does support the option to pick on a server-by-server basis
whether to be on Apache 1 or Apache 2, we've not yet seen enough incentives to be on Apache 2.

While mod_security 2 is one incentive, it is not large enough to have us leave an extremely stable,
supported by the Apache community (that is to state, not declared EOL), Apache 1 along with the stability
we have with H-Sphere 3.0.0 P9 (almost all of the new versions - multi-branch like mySQL, Apache, etc.)
have stability issues.

What I don't understand is that since Apache 1.3.41 has not been declared EOL, and Apache 1 is still very
popular, why Breach doesn't support both versions of Apache.   But that's just my own lack of understanding.

Thank you.

________________________________________________
Peter M. Abraham
Support and Customer Care Department
Dynamic Net, Inc.
Helping companies do business on the Net
13 Cowpath
Denver, PA 17517
Toll Free Voice: 1-888-887-6727
International: 1-717-484-1062
FAX: 1-717-484-1162
Web:  http://www.dynamicnet.net/services/hsphere.htm

> -----Original Message-----
> From: Brian Rectanus [mailto:Brian.Rectanus <at> breach.com]
> Sent: Monday, January 04, 2010 5:38 PM
> To: support.team <at> dynamicnet.net
> Cc: mod-security-users <at> lists.sourceforge.net
> Subject: Re: [mod-security-users] Does mod_security 1.9.5 work with 64-bit unix?
> 
> 
> Peter M. Abraham wrote:
> > Greetings:
> >
> > We and many of our colleagues use a hosting automation system where Apache
> > 1.3 (Apache, like mySQL maintains several production lines) is still the
> > flavor and will be for a number of years to come.
> >
> > Are there any adjustments that need to be made to mod_security.c under Mod
> > Security 1.9.5 for it to compile under CentOS 5.4 64-bit when using Apache
> > 1?
> 
> What automation system are you using that is not at least Apache 2.0
> compatible?

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Subramanian7 S | 5 Jan 11:18
Favicon

Log Analysis Approach

Hi,
     I want to deploy ModSecurity in my web application. How to come up with a rule set which is specific for the application? What is the general approach followed for such an activity.
 
I have ModSecurity logs captured for the request which injected the common vulnerabilities like SQL injection , XSS etc. I have put the core rule set in place and it results in lot many pattern matchings in the logs.

Subramanian S
=====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you 
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 1 comment |
headers
Brian Rectanus | 5 Jan 19:09

Re: Does mod_security 1.9.5 work with 64-bit unix?

Hmm, you cut my reply off early, so not sure that you read it all, so
let me add some more detail to the discussion...

Ivan Ristic rewrote ModSecurity for 2.x to be more modular so that it
was less Apache centric/dependent.  This modularity was designed to
separate out the ModSecurity engine from the Web server specific code,
allowing more ability to port to other Web servers and easier adapt to
changes in Apache (such as the jump from v1 to v2).  However, there just
was not enough resources (just him) to rewrite for both Apache 1 and
Apache 2 as the architectures of the two platforms are so different, so
the obvious choice is to target the latest (Apache 2) with a design that
was better suited to other platforms (Apache 1, IIS, etc).  The core
engine in 2.5 is pretty close to being separated from the Apache code,
however there is not a well defined separation (API) for a separate
Apache 1 module to live by itself.  I believe that there was always
intention to add Apache 1.3 support in ModSecurity, but there just was
just not much demand for it and so it never came about.

The next major ModSecurity release will be 2.6.  This will focus more on
modularity and the ability to write third-party modules more easily.  At
this point, I think it will be easier to consider a separate modular
port to Apache 1, but probably not by Breach -- especially now that
Apache 2.4 is being carved and the End of Life of 1.3 is finally
becoming a reality
(http://mail-archives.apache.org/mod_mbox/httpd-dev/201001.mbox/%3C6f5b6fe71001041357g76b2b22fn93d083d22a08bf72 <at> mail.gmail.com%3E)
as may be 2.0 as well
(http://mail-archives.apache.org/mod_mbox/httpd-dev/201001.mbox/%3Ccc67648e1001050617lc2dcc4aj33f049af6d115889 <at> mail.gmail.com%3E).
 The capabilities should be there and it would be a good community
project if there truly is a market demand for Apache 1 support.

thanks,
-B

Peter M. Abraham wrote:
> Greetings Brian:
> 
> We are on H-Sphere 3.0.0 P9.
> 
> And while H-Sphere 3.1 forward (Parallels maintains several product lines like mySQL,  Apache, etc.  --
most of which is considered stable and alive) does support the option to pick on a server-by-server basis
whether to be on Apache 1 or Apache 2, we've not yet seen enough incentives to be on Apache 2.
> 
> While mod_security 2 is one incentive, it is not large enough to have us leave an extremely stable,
supported by the Apache community (that is to state, not declared EOL), Apache 1 along with the stability
we have with H-Sphere 3.0.0 P9 (almost all of the new versions - multi-branch like mySQL, Apache, etc.)
have stability issues.
> 
> What I don't understand is that since Apache 1.3.41 has not been declared EOL, and Apache 1 is still very
popular, why Breach doesn't support both versions of Apache.   But that's just my own lack of understanding.
> 
> Thank you.
> 
> ________________________________________________
> Peter M. Abraham
> Support and Customer Care Department
> Dynamic Net, Inc.
> Helping companies do business on the Net
> 13 Cowpath
> Denver, PA 17517
> Toll Free Voice: 1-888-887-6727
> International: 1-717-484-1062
> FAX: 1-717-484-1162
> Web:  http://www.dynamicnet.net/services/hsphere.htm
> 
>> -----Original Message-----
>> From: Brian Rectanus [mailto:Brian.Rectanus <at> breach.com]
>> Sent: Monday, January 04, 2010 5:38 PM
>> To: support.team <at> dynamicnet.net
>> Cc: mod-security-users <at> lists.sourceforge.net
>> Subject: Re: [mod-security-users] Does mod_security 1.9.5 work with 64-bit unix?
>>
>>
>> Peter M. Abraham wrote:
>>> Greetings:
>>>
>>> We and many of our colleagues use a hosting automation system where Apache
>>> 1.3 (Apache, like mySQL maintains several production lines) is still the
>>> flavor and will be for a number of years to come.
>>>
>>> Are there any adjustments that need to be made to mod_security.c under Mod
>>> Security 1.9.5 for it to compile under CentOS 5.4 64-bit when using Apache
>>> 1?
>> What automation system are you using that is not at least Apache 2.0
>> compatible?
> 

--

-- 
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |
headers
Brian Rectanus | 5 Jan 19:18

Re: Please remove

Please remove yourself (see bottom of the page):

https://lists.sourceforge.net/lists/listinfo/mod-security-users

thanks,
-B

Dave Martin wrote:
> Thanks!
>
>
>
> -----Original Message-----
> From: Brian Rectanus [mailto:Brian.Rectanus <at> breach.com] 
> Sent: Tuesday, January 05, 2010 1:09 PM
> To: support.team <at> dynamicnet.net
> Cc: mod-security-users <at> lists.sourceforge.net
> Subject: Re: [mod-security-users] Does mod_security 1.9.5 work with 64-bit unix?
>
> Hmm, you cut my reply off early, so not sure that you read it all, so
> let me add some more detail to the discussion...
>
> Ivan Ristic rewrote ModSecurity for 2.x to be more modular so that it
> was less Apache centric/dependent.  This modularity was designed to
> separate out the ModSecurity engine from the Web server specific code,
> allowing more ability to port to other Web servers and easier adapt to
> changes in Apache (such as the jump from v1 to v2).  However, there just
> was not enough resources (just him) to rewrite for both Apache 1 and
> Apache 2 as the architectures of the two platforms are so different, so
> the obvious choice is to target the latest (Apache 2) with a design that
> was better suited to other platforms (Apache 1, IIS, etc).  The core
> engine in 2.5 is pretty close to being separated from the Apache code,
> however there is not a well defined separation (API) for a separate
> Apache 1 module to live by itself.  I believe that there was always
> intention to add Apache 1.3 support in ModSecurity, but there just was
> just not much demand for it and so it never came about.
>
> The next major ModSecurity release will be 2.6.  This will focus more on
> modularity and the ability to write third-party modules more easily.  At
> this point, I think it will be easier to consider a separate modular
> port to Apache 1, but probably not by Breach -- especially now that
> Apache 2.4 is being carved and the End of Life of 1.3 is finally
> becoming a reality
> (http://mail-archives.apache.org/mod_mbox/httpd-dev/201001.mbox/%3C6f5b6fe71001041357g76b2b22fn93d083d22a08bf72 <at> mail.gmail.com%3E)
> as may be 2.0 as well
> (http://mail-archives.apache.org/mod_mbox/httpd-dev/201001.mbox/%3Ccc67648e1001050617lc2dcc4aj33f049af6d115889 <at> mail.gmail.com%3E).
>  The capabilities should be there and it would be a good community
> project if there truly is a market demand for Apache 1 support.
>
> thanks,
> -B
>
> Peter M. Abraham wrote:
>   
>> Greetings Brian:
>>
>> We are on H-Sphere 3.0.0 P9.
>>
>> And while H-Sphere 3.1 forward (Parallels maintains several product lines like mySQL,  Apache, etc.  --
most of which is considered stable and alive) does support the option to pick on a server-by-server basis
whether to be on Apache 1 or Apache 2, we've not yet seen enough incentives to be on Apache 2.
>>
>> While mod_security 2 is one incentive, it is not large enough to have us leave an extremely stable,
supported by the Apache community (that is to state, not declared EOL), Apache 1 along with the stability
we have with H-Sphere 3.0.0 P9 (almost all of the new versions - multi-branch like mySQL, Apache, etc.)
have stability issues.
>>
>> What I don't understand is that since Apache 1.3.41 has not been declared EOL, and Apache 1 is still very
popular, why Breach doesn't support both versions of Apache.   But that's just my own lack of understanding.
>>
>> Thank you.
>>
>> ________________________________________________
>> Peter M. Abraham
>> Support and Customer Care Department
>> Dynamic Net, Inc.
>> Helping companies do business on the Net
>> 13 Cowpath
>> Denver, PA 17517
>> Toll Free Voice: 1-888-887-6727
>> International: 1-717-484-1062
>> FAX: 1-717-484-1162
>> Web:  http://www.dynamicnet.net/services/hsphere.htm
>>
>>     
>>> -----Original Message-----
>>> From: Brian Rectanus [mailto:Brian.Rectanus <at> breach.com]
>>> Sent: Monday, January 04, 2010 5:38 PM
>>> To: support.team <at> dynamicnet.net
>>> Cc: mod-security-users <at> lists.sourceforge.net
>>> Subject: Re: [mod-security-users] Does mod_security 1.9.5 work with 64-bit unix?
>>>
>>>
>>> Peter M. Abraham wrote:
>>>       
>>>> Greetings:
>>>>
>>>> We and many of our colleagues use a hosting automation system where Apache
>>>> 1.3 (Apache, like mySQL maintains several production lines) is still the
>>>> flavor and will be for a number of years to come.
>>>>
>>>> Are there any adjustments that need to be made to mod_security.c under Mod
>>>> Security 1.9.5 for it to compile under CentOS 5.4 64-bit when using Apache
>>>> 1?
>>>>         
>>> What automation system are you using that is not at least Apache 2.0
>>> compatible?
>>>       
>
>   

--

-- 
Brian Rectanus
Breach Security

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html
Permalink | Reply | 0 comments |

Gmane