Mod_security 2.1.1-rc1 addresses some issues

Okay.. I started to stop playing Desktop Tower Defense, and thank God! Now, back to ‘real’ stuff. I’ve been running into some weird stuff with the latest mod_security, and thanks to the great community at the ModSec mailing list, we’re starting to take care of the problems.

The first problem was addressed a few posts ago, where in conjunction with mod_limitipconn, mod_security was completely bypassed. This was mainly due to how ModSec handles sub requests. They quickly issued a patch and we’re good to go.

But, a few weeks ago, I started encountering another problem where if DansGuardian was at a client location and the form’s post type was using the multipart/form-data encoding type, I was receiving segfaults on the server. The single Apache thread would die (not killing my whole Apache server). Removing DansGuardian interaction appeared to have fixed the issue, but a few days later it reappeared, and I was able to reproduce it. It was related to ErrorDocument for the particular vhost. Not sure why, but it almost seems like the request was processed twice. Talking to ModSec devs, they pointed out that ErrorDocument is another subrequest.

They just recently issued mod_security-2.1.1-rc1 and this build addresses both issues. So far, things seem to be running smoothly with the latest release.