On 12.12.2013 10:16, Ewald Dieterich wrote: > I already asked on the mod_security developer mailing list for help, but > didn't get a response. So I'm trying my luck here. > > On a Debian unstable installation (Apache 2.4.6, apr 1.4.8, apr-util > 1.5.3, mod_security 2.7.5) I enabled mpm_worker and configured a simple > reverse proxy. When I enable mod_security and then send large amounts of > POST requests to a misconfigured backend server that just drops the > requests, I get segmentation faults. > > For mod_security I only set "SecRequestBodyAccess On", I didn't enable > any rules. Here is the configuration for the location: > > <Location /> > SecRuleEngine On > SecRequestBodyAccess On > > ProxyPass http://backend:8080/ > ProxyPassReverse http://backend:8080/ > </Location> > > On the backend I run faucet to simulate the request-dropping backend > server: > > faucet 8080 --out echo "" > > If a client sends a request, the reverse proxy sends a "502 Bad Gateway" > response and logs the following errors: > > [...] (104)Connection reset by peer: [client 10.128.128.81:49143] > AH01102: error reading status line from remote server backend:8080 > [...] AH00898: Error reading from remote server returned by / > > So everything works as expected. > > Now I send POST requests in parallel by starting this loop on multiple > shells, the more the better (data_file is 25k): > > while true ; do curl -d @data_file http://frontend/ ; done > > Every once in a while I get a segmentation fault. If I enable > mpm_prefork (or disable mod_security) I don't get any segmentation faults. > > This seems to be a multithreading race condition, so I'm not sure if > backtraces are of any help, but I attached two files with the output of > "thread apply all bt" from gdb for two segmentation faults. > > Is this a bug or am I doing something wrong? Thanks for your help!
Could it be https://issues.apache.org/bugzilla/show_bug.cgi?id=50335 See the patch discussion starting at comment #28. The currently committed trunk patches are http://svn.apache.org/viewvc?view=revision&revision=1534321 and http://svn.apache.org/viewvc?view=revision&revision=1550061 Those fixes might not yet be a complete solution to the problem, but might be easy to backport to 2.4 to check whether they fix your problem. Please add your finding to the above bugzilla. Regards, Rainer
