logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Request :: mod_security compile with global lock mode

 
Post new topic   Reply to topic    Apache Forum Index -> Apache third-party Modules



View previous topic :: View next topic  
Author Message
Alegrys



Joined: 08 Nov 2018
Posts: 1
Location: Ukraine, Kharkiv

PostPosted: Thu 08 Nov '18 16:35    Post subject: Need module compiled with --enable-collection-global-lock Reply with quote

Hello,

We use Apache 2.4.35 Win64 VC15 with mod_security 2.9.2.
OS: Windows 7 x64, Windows 10 x64, Windows Server 2008 x64.

I've configured the mod_security2 to protect our systems behind the apache from a DOS attack when a client sends dozens of requests per second for the same URI with the same IP and session.

But I faced with a mod_security issue relating to the race condition during a counter incrementation (despite there should be the atomicity according to the module documentation).

I found that it is kind of an issue with the access to the Berkley Database used by the module: https://sourceforge.net/p/mod-security/mailman/message/35356634/. In this discussion an expert just suggested a work-around which is not appropriate for me.

But in other discussion it was stated that the issue relating to the "persistent storage locking is based on SDBM file locking mechanism which works only across process boundaries thus making threaded mpm's like worker or event unsafe"https://github.com/SpiderLabs/ModSecurity/pull/1224.
And finally a guy from the ModSecurity team agreed to add to the module the global lock mode which is enabled during the compilation time by the flag --enable-collection-global-lock.

Although this type of locking is fraught with some performance degradation I'd like to try it, because the current version doesn't help at all.

Could you please add a version of the mod_security2 compiled with this flag?

Thanks in advance Smile
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 567

PostPosted: Thu 08 Nov '18 17:49    Post subject: Reply with quote

We only make release versions available, sorry.

Indeed Performance is a concern with this change.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache third-party Modules
Page 1 of 1