Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High RAM uses #181

Closed
MiteshShah opened this issue Feb 18, 2020 · 8 comments
Closed

High RAM uses #181

MiteshShah opened this issue Feb 18, 2020 · 8 comments
Assignees
@zimmerle

Comments

@MiteshShah
Copy link

Hello All,

I'd built launchpad package six month ago which run just fine.
But when last week we build ModSec 3.0.4 + 1.0.1 (this repo) and 3.04 + master repo which had #175 (works fine for custom error pages) but both of this build had HIGH RAM uses.

NGINX without Modsec take nearly 14MB and as soon as we enable with single vhost its 300MB and if we put 5 vhost its used nearly 500 to 700MB

Screenshot 2020-02-17 at 10 58 48 PM
Screenshot 2020-02-18 at 10 35 59 AM

Also if we disable modsec and restart nginx RAM uses drop to 15MB.

How to test

sudo add-apt-repository ppa:miteshshah/nginx
sudo add-apt-repository ppa:miteshshah/modsecurity
sudo apt-get update
sudo apt-get install nginx libnginx-mod-http-modsecurity
@zimmerle zimmerle self-assigned this Feb 18, 2020
@zimmerle
Copy link
Contributor

zimmerle commented Feb 18, 2020
edited
Loading

Hi @MiteshShah

This memory usage happens immediately after start? or it is something that grows over time?

@MiteshShah
Copy link
Author

MiteshShah commented Feb 18, 2020
edited
Loading

Yup immediately RAM uses goes up and if we disable WAF and restart nginx again drop to 14 to 20 MB

@zimmerle
Copy link
Contributor

How you are loading the rules into the vhosts? Is it a single global configuration or you are loading one by one?

@MiteshShah
Copy link
Author

Each vhost include production.conf file

server {
server_name xyz.com;
....
....
  include /etc/nginx/snippets/production.conf;
}

And inside production.conf we include modsec.conf

cat  /etc/nginx/snippets/production.conf;
# PHP files
location ~ \.php$ {

  #including Modsecurity conf files
  include /etc/nginx/modsec/modsec.conf;
}

cat /etc/nginx/modsec/modsec.conf 
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;

cat /etc/nginx/modsec/main.conf 
# From https://github.com/SpiderLabs/ModSecurity/blob/master/
# modsecurity.conf-recommended
#
# Edit to set SecRuleEngine On
Include "/etc/nginx/modsec/modsecurity.conf"
Include "/etc/nginx/modsec/removed-rules.conf"
Include "/etc/nginx/modsec/waf/rules.conf"

@zimmerle
Copy link
Contributor

In that fashion, you are loading a copy of all the rules for each vhost. I would recommend loading the rules on the main config, adding only specificities in the context of each vhost.

@rahulbhatu
Copy link

Hi @zimmerle ,

we have kept rules in /etc/nginx/modsec/waf/ directory the rules.conf file has all the rules we use. so that looks like global configuration file rules.conf for that vhost.

@zimmerle
Copy link
Contributor

Indeed, that is a global configuration for a vhost, as you have many of them there will be a copy of the loaded rules for each. Instead, you can load the rules below the vhost configuration.

@MiteshShah
Copy link
Author

That helps :)
Thank you @zimmerle

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zimmerle zimmerle

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zimmerle @MiteshShah @rahulbhatu