Andrei Belov

Results 87 comments of Andrei Belov

@jeremyjpj0916 copying here as well - it is believed that https://github.com/SpiderLabs/ModSecurity-nginx/commit/4f26b48998db5119ca818b0909b6b14e08ebb544 should resolve at least some of the observed misbehaviours reported in #182. If it doesn't, I would appreciate a test...

@suddenhead @ledzepp4eva thanks for reporting this. @zimmerle @victorhora do you think that having some interface between the library and connectors to perform this kind of task is worth implementing?

@victorhora you can leverage the approach described at https://forum.nginx.org/read.php?29,247488,247500#msg-247500 (i.e. use the standard nginx API to open some stub file with `ngx_conf_open_file()`, add the required handler, and use it for detecting USR1 and HUP...

@victorhora @zimmerle just for reference, here's a dirty PoC on how to catch SIGUSR1 in the modsecurity connector, code diff: ``` diff --git a/src/ngx_http_modsecurity_common.h b/src/ngx_http_modsecurity_common.h index 79355d1..2510c31 100644 --- a/src/ngx_http_modsecurity_common.h...

@jeremyjpj0916 thanks for digging into this! I was trying to compose a minimal test for the nginx connector to demonstrate the issue without having the entire CRS ruleset included and enabled, and...

@jeremyjpj0916 could you please check that https://github.com/SpiderLabs/ModSecurity-nginx/commit/4f26b48998db5119ca818b0909b6b14e08ebb544 resolves at least some of the issues you've been observing? TIA.

I believe this change should have improved the case described here https://github.com/SpiderLabs/ModSecurity-nginx/issues/170#issuecomment-587351025: https://github.com/SpiderLabs/ModSecurity-nginx/commit/e028ca43c83fd114344c34df6a8dd09eb5f34cc2 I'm seeing correct behaviour with current master of the nginx connector: ``` root@vagrant:/etc/nginx/modsec# cat /etc/nginx/modsec/main.conf include /etc/nginx/modsec/modsecurity.conf...

JFTR: https://github.com/SpiderLabs/ModSecurity-nginx/pull/260#issuecomment-1002043104 https://github.com/SpiderLabs/ModSecurity-nginx/pull/260#issuecomment-1002097999 (there is a reproducible way to observe a number of leaks not necessarily related to any regex processing - see the above comments; just came across to...

Hi @AnoopAlias, based on the quoted logs, libmodsecurity is trying to deny the request due to some matching in the response body. Currently this does not work, and we have a corresponding test marked...

Observing a similar situation on multiple Linux instances (idling most of the time) with grafana-agent installed from the official repo: ``` # dpkg -s grafana-agent Package: grafana-agent Status: install ok installed Priority:...