ModSecurity isn't a sub-process, it's compiled into the nginx binary and
runs as part of the worker process(es). Nginx doesn't have a concept of
spawning children in the manner you're referencing, so there's nothing to
be monitored wrt. resource consumption. Any resource monitoring would be
done by the kernel, and the target would be nginx itself.
If you're running into an OOM condition with the nginx worker process, it
sounds like a leak within one of the modules (possible, but not definitely,
ModSecurity, if it only happens when you load the OWASP CRS).
On Tue, Jan 19, 2016 at 3:10 PM, Lukas <l@ymx.ch> wrote:
> Hi Felipe
>
> > Felipe Zimmerle <felipe@zimmerle.org> [2016-01-11 17:12]:
> >
> > On Sun, Jan 10, 2016 at 11:05 AM Lukas <l@ymx.ch> wrote:
> >
> > > I found that recommendation. Since I also read that it would not be
> > > fully compatible with OWASP/CRS I have not given it a try.
> > >
> > > What is the situation regrading OWASP/CRS?
> > >
> >
> > Currently there are three different versions of ModSecurity for nginx:
> >
> > - Version 2.9.0: That is the last released version, I think that is the
> one
> > that you are using.
> > - nginx_refactoring: That version contains some fixes on the top of
> v2.9.0,
> > but those fixes may lead to instabilities depending on your
> configuration.
> > - ModSecurity-connector: That is something that still under development
> and
> > we have some work to do, to be exactly:
> >
> >
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20documentation
> >
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20features
> >
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20operators
> >
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20transformation
> >
> https://github.com/SpiderLabs/ModSecurity/labels/libmodsec%20-%20missing%20variables
> >
> > Only use the ModSecurity-connector if you understands well the
> ModSecurity
> > rules and the consequences of the missing pieces.
> >
> > Further information about libModSecurity can be found here:
> >
> http://blog.zimmerle.org/2016/01/an-overview-of-upcoming-libmodsecurity.html
> > or:
> >
> https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/
> >
>
> Thanks for pointing this out.
>
> What worries me a "little bit" is that nginx started crashing with an
> Out-of-Memory Exception when ModSecurity 2.9.0 with OWASP/CRS was
> activated.
>
> Have others experienced similar problems?
>
> Isn't there at least a run-time control in nginx that kills
> subprocesses like ModSecurity as soon as they start overconsuming
> resources/execution time?
>
> Thanks.
>
> wbr
> Lukas
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
