-
-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conflicts with ModSecurity #1
Comments
Does this happen for any requests? Or need to craft specific request in order to reproduce? Thanks |
It happens for any request. I used the dom tools in the browser and
sometimes it just outputs the html and blocks css jpg etc. At other times
it closes the connection.
iPhone. iTypos. iApologize.
…On Wed, 21 Aug 2019, 1:11 pm Danila Vershinin, ***@***.***> wrote:
Does this happen for any requests? Or need to craft specific request in
order to reproduce? Thanks
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1?email_source=notifications&email_token=ADFWMROUNEXRZNI5KWDKCADQFTWR3A5CNFSM4IN4GRW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4YYAEY#issuecomment-523337747>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADFWMRIDK3L2TBI5LPIPAM3QFTWR3ANCNFSM4IN4GRWQ>
.
|
@sharmashivanand the error itself hinted that it's coming from some C++ code, It seems that libmodsecurity is "sensitive" to the If you also put All that said though, it's been a while and I've just tried with:
... and I can't get it to error. My own setup is basically all latest stable releases:
If you can confirm (or anyone else) that this works without issues, we can safely assume that libmodsecurity fixed whatever problem they had; and revert to the old behavior (default to hiding server tokens). |
I can confirm, the error is gone |
Just here to chime in and say that if you are using ModSecurity-nginx / ModSecurity (v3), there is a conflict and you'd see errors like this in nginx error log. The module itself doesn't cause this, but I had the directive
security_headers on;
which caused this. Haven't tested with other directives. Hope this helps anyone coming across this one. Difficult to find.2019/08/20 19:56:31 [alert] 2957#2957: worker process 2980 exited on signal 6
terminate called after throwing an instance of 'std::bad_alloc'
The text was updated successfully, but these errors were encountered: