reload memory usage #1546
Comments
Testing with cc1d220b408fe73a4e1950b71848772d505d6ce0. Not able to reproduce. Do you mind sharing your configuration summary?
Hi @zimmerle, Could I share offline with you the full configuration, or just give you access to an environment where I can demonstrate it? -Adam
Hi @adamjacobmuller, Sure, it won't be a problem. But please, before doing that, it will be very good if you can upgrade to the latest version and check if everything is working as expected [or not]. If not, it will be good if you can narrow down the problem to the exact configuration that is leading to the problem.
Hello @zimmerle. While running continuous reloads with libmodsec loaded as a dynamic module, stock modsecurity.conf and CRS3.0.2 loaded, I can see growing RES footprint. It doesn't happen with the same Nginx binary without ngx_http_modsecurity_module.so loaded.
# ps aux | grep nginx | grep -v grep | awk '{print $6}'
ModSecurity 04f7009 ; Configure options for libmodsecurity: Default CentOS 7 CXXFLAGS: '-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic'
ModSecurity - v2.9.0-912-g04f7009 for Linux
Mandatory dependencies
Optional dependencies
Other Options
Nginx version is 1.11.10, configure options are pretty much the same as in Fedora package (https://src.fedoraproject.org/rpms/nginx/blob/master/f/nginx.spec), give or take an optional module. Let me know if you need more information.
Thanks for the info @alexdavydov. I was able to reproduce it here. I ran some tests with Valgrind and it is also flagging some memory leaks when ngx_http_modsecurity is loaded:
==34396== 41,879 (88 direct, 41,791 indirect) bytes in 1 blocks are definitely lost in loss record 704 of 711
As of now I'm inclined to believe that the issue might be on the connector rather than libModSecurity. Will investigate a bit more.
Hi @ozermetin, Thanks for the report. Re-opening this issue.
@ozermetin @alexdavydov @adamjacobmuller there is the PR that addresses some real leaks in nginx connector: owasp-modsecurity/ModSecurity-nginx#80 Could you please apply the proposed patch and check whether it helps in your cases?
Considering the fact that this issue appears only during reload and having in mind that the initial reporter @adamjacobmuller is having 3k+ rules this might be a duplicate of an issue I also reported in #1663 and tracked down. Please check if it is ok after applying https://github.com./SpiderLabs/ModSecurity/pull/1667/files
Do you mind letting us know if you notice improvements taking Thanks.
It seems the problem was solved. Closing.
I'm afraid I'm facing this problem. Server:
Hi @averges, I am reopening the issue to do a further investigation.
Hi all, I'm hitting the same issue. On every nginx reload the memory usage is increasing. Do you have any update on this matter?
@cocooma we are working on the branch v3/dev/phases. The configuration issues will be tackled there. I will let you know as soon as we manage to have it ok to be tested.
no longer an issue in v3.1-experimental.
Hello,
We are running ModSecurity@1edd3570e11e9bb2b6d86b249232b24917a4b0ac and ModSecurity-nginx@abbf2c47f6f3205484a1a9db618e067dce213b89 with nginx 1.13.1.
I'm attaching the rule set + modsecurity configuration as well.
When reloading nginx, memory usage will sometimes grow exponentially and easily overwhelm the resources on the server (~100GB of RAM). This does not happen 100% of the time, but, is trivial to reproduce just by doing
while true;do nginx -s reload;done
, nginx will cause the system to OOM reliably after a few minutes.
rules.zip
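A bounded way to measure what this report and the `ps ... awk '{print $6}'` comment describe, added here as an example that is not part of the thread or of the ModSecurity project: it sums nginx RSS after each of a fixed number of reloads and reports whether the total keeps growing. The function names, the 20% threshold, the reload count and the pause are assumptions, and the `ps` output embedded in it is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux procps `ps`.

# Constructed sample of `ps -eo rss=,comm=` output (RSS in KiB).
constructed_ps_sample() {
    cat <<'EOF'
 1520 nginx
41200 nginx
  880 sshd
40100 nginx
EOF
}

# Sum RSS (KiB) of every process whose command name is exactly "nginx".
sum_nginx_rss() {
    awk '$2 == "nginx" { total += $1 } END { print total + 0 }'
}

# stdin: one RSS total per line, oldest first. $1: allowed growth in percent.
verdict() {
    awk -v pct="$1" '
        NR == 1 { first = $1 }
        { last = $1 }
        END {
            if (NR < 2 || first == 0) { print "UNKNOWN"; exit }
            growth = (last - first) * 100 / first
            printf "%s first=%d last=%d growth=%d%%\n",
                (growth > pct ? "GROWING" : "STABLE"), first, last, growth
        }'
}

# Live run: $1 reloads, $2 seconds between them. The pause lets the old
# workers finish shutting down, so they are not counted as growth.
measure_reloads() {
    i=0
    while [ "$i" -le "$1" ]; do
        ps -eo rss=,comm= | sum_nginx_rss
        if [ "$i" -lt "$1" ]; then nginx -s reload; sleep "$2"; fi
        i=$((i + 1))
    done
}

# "live" needs a test host with nginx; the default only parses the sample.
if [ "${1:-}" = "live" ]; then
    measure_reloads 20 10 | verdict 20
else
    constructed_ps_sample | sum_nginx_rss
fi
```

Run with the argument `live` on a test host before and after applying a candidate fix; a STABLE verdict on the patched build and GROWING on the unpatched one confirms the leak is tied to reload.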