Marc Stern

Results 153 comments of Marc Stern

We should have "ctl:requestBodyProcessor=gRPC" (and/or "ctl:requestBodyProcessor=protobuf") to trigger a parser understanding the protobuf binary payload transmitted via web sockets. Potential problem: I guess mod_security2 won't receive this binary payload that...

Better to have a centralized function for this:
```
char* get_username(apr_pool_t* mp) {
    char* username;
    apr_uid_t uid;
    apr_gid_t gid;
    int rc = apr_uid_current(&uid, &gid, mp);
    if (rc != APR_SUCCESS) return...
```

Using the numeric value from apr_uid_current is OK (and maybe even better). Both solutions are better than the current bogus behaviour anyway.
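An added example (not ModSecurity or APR code, and not from the comment author) of the centralized lookup suggested in the two comments above: one function that resolves the process identity by name and falls back to the numeric uid rather than leaving a bogus value. It is written against POSIX `getpwuid_r`/`geteuid` instead of `apr_uid_current` so it builds without APR; the function names, return convention and buffer sizes are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example (not ModSecurity/APR code): one central place that turns a
 * uid into a printable identity. Returns 1 when the uid was resolved to an
 * account name, 0 when the decimal uid was written as a fallback (no passwd
 * entry, NSS failure, or scratch buffer too small). Either way the output is
 * a real identity, never an empty or garbage string. */
int username_for_uid(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw;
    struct passwd *result = NULL;
    char scratch[4096];   /* assumed large enough for common NSS backends */

    if (outlen == 0)
        return 0;

    if (getpwuid_r(uid, &pw, scratch, sizeof scratch, &result) == 0
        && result != NULL
        && result->pw_name != NULL
        && result->pw_name[0] != '\0') {
        snprintf(out, outlen, "%s", result->pw_name);
        return 1;   /* resolved by name */
    }

    /* Numeric fallback, analogous to using the raw value from apr_uid_current. */
    snprintf(out, outlen, "%lu", (unsigned long)uid);
    return 0;
}

/* The single entry point an audit-log writer (or any other caller) would use:
 * the effective uid of the running process, rendered by the rule above. */
const char *get_username(char *out, size_t outlen)
{
    username_for_uid(geteuid(), out, outlen);
    return out;
}

int main(void)
{
    char name[64];

    printf("running as: %s\n", get_username(name, sizeof name));

    /* A uid that has no passwd entry on any realistic system: exercises the fallback. */
    username_for_uid((uid_t)123456789, name, sizeof name);
    printf("unknown uid renders as: %s\n", name);
    return 0;
}
```

Keeping the name/number decision in one function means every log line and counter that records the server identity agrees, which is the point of centralizing it rather than reimplementing the lookup at each call site.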

For what it's worth, we've been running this patch since the beginning of March in several (QA) WAFs without any problem

Running on 60+ prod servers since June 2021

> if your rule is checking request headers, why not make it a phase:1 rule?

Several reasons:
- with "configure --enable-request-early", phase 1 rules cannot be embedded in Location
- ...

Minimal config to reproduce the problem:
```
LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule systemd_module modules/mod_systemd.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule unique_id_module...
```

Example of stack trace:
> Thread 3 "httpd" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fffda59e700 (LWP 3202)]
> ap_proxy_http_prefetch (url=0x7fffcc325dc0 "/a", uri=0x7fffcc325c80,
> req=0x7fffcc325ce0) at mod_proxy_http.c:640
> ...

Hi @martinhsv, "SecStreamInBodyInspection on" generates the core dump, "SecStreamInBodyInspection off" works correctly. This really looks like a problem linked to ModSecurity (maybe the way it registers as a filter?).

Can anyone answer this? It's running smoothly in prod on 20+ WAFs for 6 months, so it may be worth checking, as it could impede security (incorrect counters) ...