Summary: | www-apache/mod_security-2.7.1 renders apache very slow to respond | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Tobias Sager <moixa> |
Component: | [OLD] Library | Assignee: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.modsecurity.org/tracker/browse/MODSEC-384 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Tobias Sager
2013-02-12 20:43:57 UTC
Hrm, can you contact upstream please? And maybe try 2.7.2 in ~arch? Because I can't reproduce here.. Do you use @ipMatchFromFile (or the alias @ipMatchF) in any configuration? (In reply to comment #1) > Hrm, can you contact upstream please? And maybe try 2.7.2 in ~arch? Because > I can't reproduce here.. This is my upstream report: https://www.modsecurity.org/tracker/browse/MODSEC-384 And 2.7.2 does also break. (In reply to comment #2) > Do you use @ipMatchFromFile (or the alias @ipMatchF) in any configuration? No use of both. Worked it out with upstream. mod_security-2.7.1 changes from a prng to apr_generate_random_bytes. As my apr was compiled without USE=urandom, it was using /dev/random to generate these bytes. That device is typically slow under virtual machines and finally led to a very slow apache because mod_security was reading from it for each request. Re-compiling apr with USE=urandom did make the problem disappear, all works fine now with mod_security-2.7.2. Thanks for listening.. ;-) |