Bug 1400625 - mod_security collections lose increment counts
Summary: mod_security collections lose increment counts
Keywords:
Status: CLOSED DUPLICATE of bug 1388656
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: mod_security
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Daniel Kopeček
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-12-01 16:11 UTC by Robert Bost
Modified: 2017-03-10 13:27 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-10 13:27:23 UTC
Target Upstream Version:



Description Robert Bost 2016-12-01 16:11:02 UTC
Description of problem:

When receiving requests quickly or concurrently, mod_security is unable to keep an accurate count.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

Here is the configuration for reproducing:

    SecRuleEngine On
    SecRule REQUEST_COOKIES:SESSIONID !^$  phase:1,id:118,nolog,pass,setsid:%{REQUEST_COOKIES.SESSIONID}
    SecAction phase:1,id:119,nolog,pass,setvar:SESSION.my_counter=+1

And here is a test script:

    for i in $(seq 1 1000); do
      curl -b "SESSIONID=testing" localhost &> /dev/null &
    done


Actual results: Major loss in counter increments. You can check by using modsec-sdbm-util and looking at the my_counter variable in the output.


Expected results: No loss in counter increments.


Additional info: A solution has been proposed upstream (https://github.com/SpiderLabs/ModSecurity/pull/1224) and is planned to be included in the JBCS distribution of mod_security (https://issues.jboss.org/browse/JBCS-231).
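
A deterministic model of the symptom reported above, added here as an illustration; it is not mod_security code and not part of the original report. It assumes each request reads the stored `my_counter`, then writes back that value plus one with nothing serialising the two steps; `request`, `run` and the lock are hypothetical names, and the lock is one generic way to serialise updates, not a description of the upstream patch.

```python
"""Constructed model of a lost-update race on a persistent counter."""
from itertools import islice

DONE = object()  # sentinel: generator has finished


def request(store, key, lock=None):
    """One request as a generator; each `yield` is a point where the
    scheduler may run another in-flight request."""
    if lock is not None:
        while lock["held"]:
            yield                    # wait until the current holder is done
        lock["held"] = True
    current = store.get(key, 0)      # read the persisted counter
    yield                            # other requests run between read and write
    store[key] = current + 1         # write back a possibly stale value + 1
    if lock is not None:
        lock["held"] = False


def run(total, concurrency, locked):
    """Process `total` requests, `concurrency` at a time, stepping the
    in-flight requests round-robin. Returns the final counter value."""
    store = {}
    lock = {"held": False} if locked else None
    pending = (request(store, "my_counter", lock) for _ in range(total))
    while True:
        batch = list(islice(pending, concurrency))
        if not batch:
            break
        while batch:
            # advance every in-flight request by one step; drop finished ones
            batch = [g for g in batch if next(g, DONE) is not DONE]
    return store.get("my_counter", 0)


if __name__ == "__main__":
    # 1000 requests, as in the reproduction loop; 10 in flight is an assumption
    print("sequential      :", run(1000, 1, locked=False))
    print("concurrent      :", run(1000, 10, locked=False))
    print("concurrent+lock :", run(1000, 10, locked=True))
```

In this model every request in a batch reads the same stored value, so a batch of ten adds one to the counter instead of ten.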

Comment 2 Daniel Kopeček 2017-03-10 13:27:23 UTC

*** This bug has been marked as a duplicate of bug 1388656 ***

