Tweet
Just posting this in case it helps anyone, weve found the imunify 2.25 modsec rulesets which were updated yesterday on some of our servers were causing apache segfaults in rare instances (but 100% of the time and repeatable when they occurred).
apache error logs were showing:
[core:notice] [pid 1933222:tid 47584928334912] AH00051: child pid 3832826 exit signal Segmentation fault (11)
Eventually we tracked it down to the 2.25 modsec ruleset from imunify, you can check the version here /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/VERSION
If your coredump shows this it will likely be the same bug:
Program terminated with signal 11, Segmentation fault.
#0 0x00002b4743927ad7 in msre_fn_removeWhitespace_execute () from /etc/apache2/modules/mod_security2.so
Reverting back to the 2.24 rules by replacing the /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/ with these from backup resolved the issue.
Have reported this to imunify support but posting here as this was tricky to track down and found little online about it, hope it helps.
apache error logs were showing:
[core:notice] [pid 1933222:tid 47584928334912] AH00051: child pid 3832826 exit signal Segmentation fault (11)
Eventually we tracked it down to the 2.25 modsec ruleset from imunify, you can check the version here /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/VERSION
If your coredump shows this it will likely be the same bug:
Program terminated with signal 11, Segmentation fault.
#0 0x00002b4743927ad7 in msre_fn_removeWhitespace_execute () from /etc/apache2/modules/mod_security2.so
Reverting back to the 2.24 rules by replacing the /etc/apache2/conf.d/modsec_vendor_configs/imunify360_full_apache/ with these from backup resolved the issue.
Have reported this to imunify support but posting here as this was tricky to track down and found little online about it, hope it helps.
Comment