Hi Lukas, You may want to use the ModSecurity's nginx_refactoring branch instead of the master branch. Here is the link to the branch:
https://github.com/SpiderLabs/ModSecurity/tree/nginx_refactoring Br., Felipe Zimmerle Lead dev for ModSecurity On Sun, Jan 10, 2016 at 10:39 AM Lukas <l...@ymx.ch> wrote: > Dear all > > Fascinated by nginx, I attempted to integrate it with modsecurity. > > Unfortunately, ever when modsecurity is enabled, nginx reports a > sefault in sysmessages. > > Searching the web did not reveal any solution, i.e. I switched off > SecAudit* and even started modsecurity without rules -- it continued > crashing. > > Thank you for any hint on solving this issue. > > Please find next information related to my setup including some logs. > > wbr, Lukas > > == > > My current setup: > > Platform: Linux/4.3.3 running on Debian/wheezy > > nginx: self-compiled from sources according to > https://blog.stickleback.dk/nginx-modsec-on-ubuntu-14-04-lts/ > > modsecurity: installed and configured according to > > https://www.howtoforge.com/tutorial/install-nginx-with-mod_security-on-ubuntu-15-04/ > > Relevant Logs: > > $ /usr/local/nginx/sbin/nginx -V > nginx version: nginx/1.9.9 > built by gcc 4.7.2 (Debian 4.7.2-5) > built with OpenSSL 1.0.1e 11 Feb 2013 > TLS SNI support enabled > configure arguments: --user=www-data --group=www-data --with-pcre-jit > --with-ipv6 --with-http_ssl_module > --add-module=../modsecurity-2.9.0/nginx/modsecurity > --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid > --error-log-path=/var/log/nginx/error.log > --http-log-path=/var/log/nginx/access.log > > $ tail error.log > 2016/01/10 13:13:34 [notice] 10256#0: ModSecurity: LIBXML compiled > version="2.8.0" > 2016/01/10 13:13:34 [notice] 10256#0: ModSecurity: Status engine is > currently disabled, enable it by set SecStatusEngine to On. > 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity for nginx > (STABLE)/2.9.0 (http://www.modsecurity.org/) configured. > 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: APR compiled > version="1.4.6"; loaded version="1.4.6" > 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: PCRE compiled > version="8.30 "; loaded version="8.30 2012-02-04" > 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: LIBXML compiled > version="2.8.0" > 2016/01/10 13:13:35 [notice] 10260#0: ModSecurity: Status engine is > currently disabled, enable it by set SecStatusEngine to On. > 2016/01/10 13:13:38 [alert] 10261#0: worker process 10267 exited on signal > 11 > 2016/01/10 13:13:38 [alert] 10261#0: worker process 10264 exited on signal > 11 > 2016/01/10 13:13:38 [alert] 10261#0: worker process 10265 exited on signal > 11 > > $ dmesg > [605432.202671] nginx[10267]: segfault at 70 ip 08093ba1 sp bfc9a7c0 error > 4 in nginx[8048000+123000] > [605432.385414] nginx[10264]: segfault at 70 ip 08093ba1 sp bfc9a7c0 error > 4 in nginx[8048000+123000] > [605432.409089] nginx[10265]: segfault at 70 ip 08093ba1 sp bfc9a7c0 error > 4 in nginx[8048000+123000] > > -- > Lukas Ruf <http://www.lpr.ch> | Ad Personam > Consecom <http://www.consecom.com> | Ad Laborem > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
