Topic: Request :: mod_security compile with global lock mode

[Alegrys]

Hello,

We use Apache 2.4.35 Win64 VC15 with mod_security 2.9.2.
OS: Windows 7 x64, Windows 10 x64, Windows Server 2008 x64.

I've configured the mod_security2 to protect our systems behind the apache from a DOS attack when a client sends dozens of requests per second for the same URI with the same IP and session.

But I faced with a mod_security issue relating to the race condition during a counter incrementation (despite there should be the atomicity according to the module documentation).

I found that it is kind of an issue with the access to the Berkley Database used by the module: https://sourceforge.net/p/mod-security/mailman/message/35356634/. In this discussion an expert just suggested a work-around which is not appropriate for me.

But in other discussion it was stated that the issue relating to the "persistent storage locking is based on SDBM file locking mechanism which works only across process boundaries thus making threaded mpm's like worker or event unsafe"https://github.com/SpiderLabs/ModSecurity/pull/1224.
And finally a guy from the ModSecurity team agreed to add to the module the global lock mode which is enabled during the compilation time by the flag --enable-collection-global-lock.

Although this type of locking is fraught with some performance degradation I'd like to try it, because the current version doesn't help at all.

Could you please add a version of the mod_security2 compiled with this flag?

Thanks in advance

[admin]

We only make release versions available, sorry.

Indeed Performance is a concern with this change.