enabled apache2 security module - CPU through the roof

Hi,

just enabled the mod_security module for apache and ever since the CPU is hitting 100% along with the module segmentation faulting.
same issue on production server and test server…

any help appreciated
Johnny

lastest LEAP 15.1 & patched.

apache2-mod_security2 - Version: 2.9.2-lp151.2.3 Installed: 2.9.2-lp151.2.3
apache2 - The Apache Web Server Version 2.4 - Version: 2.4.33-lp151.8.9.1 Installed: 2.4.33-lp151.8.9.1

[Tue Mar 03 14:38:06.911547 2020] :notice] [pid 13090] ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/) configured.
[Tue Mar 03 14:38:06.911598 2020] :notice] [pid 13090] ModSecurity: APR compiled version=“1.6.3”; loaded version=“1.6.3”
[Tue Mar 03 14:38:06.911609 2020] :notice] [pid 13090] ModSecurity: PCRE compiled version="8.41 "; loaded version=“8.41 2017-07-05”
[Tue Mar 03 14:38:06.911617 2020] :notice] [pid 13090] ModSecurity: LUA compiled version=“Lua 5.3”
[Tue Mar 03 14:38:06.911625 2020] :notice] [pid 13090] ModSecurity: LIBXML compiled version=“2.9.7”
[Tue Mar 03 14:38:06.911674 2020] :notice] [pid 13090] ModSecurity: StatusEngine call: “2.9.2,Apache,1.6.3/1.6.3,8.41/8.41 2017-07-05,Lua 5.3,2.9.7,c2”
[Tue Mar 03 14:38:06.944267 2020] :notice] [pid 13090] ModSecurity: StatusEngine call successfully sent. For more information visit: http://status.modsecurity.org/
[Tue Mar 03 14:43:37.869998 2020] [core:notice] [pid 13229] AH00052: child pid 13271 exit signal Segmentation fault (11)
[Tue Mar 03 14:43:43.877590 2020] [core:notice] [pid 13229] AH00052: child pid 13270 exit signal Segmentation fault (11)
[Tue Mar 03 14:43:43.877662 2020] [core:notice] [pid 13229] AH00052: child pid 13272 exit signal Segmentation fault (11)
[Tue Mar 03 14:43:45.880813 2020] [core:notice] [pid 13229] AH00052: child pid 13234 exit signal Segmentation fault (11)
[Tue Mar 03 14:43:45.880904 2020] [core:notice] [pid 13229] AH00052: child pid 13238 exit signal Segmentation fault (11)
[Tue Mar 03 14:43:45.880926 2020] [core:notice] [pid 13229] AH00052: child pid 13273 exit signal Segmentation fault (11)
[Tue Mar 03 14:45:46.010677 2020] [core:notice] [pid 13229] AH00052: child pid 13267 exit signal Segmentation fault (11)
[Tue Mar 03 14:45:55.021763 2020] [core:notice] [pid 13229] AH00052: child pid 13302 exit signal Segmentation fault (11)
[Tue Mar 03 14:45:56.024598 2020] [core:notice] [pid 13229] AH00052: child pid 13303 exit signal Segmentation fault (11)
[Tue Mar 03 14:45:56.024770 2020] [core:notice] [pid 13229] AH00052: child pid 13304 exit signal Segmentation fault (11)

Looks like that version compiled for openSUSE is obsolete.

Please

  1. Submit a bug report to https://bugzilla.opensuse.org to rebuild and update to the current release (currently 3.0.4). Give it a high importance which I believe is justified. I don’t know if it will be successfully built and available quickly, a new major version often means the code has substantially changed.
  2. If you don’t want to wait, you can try to compile it yourself. If you have problems compiling or installing, you can post your issue here with details.

https://github.com/SpiderLabs/ModSecurity

TSU