Universal web application security sensor intended for real-time monitoring and defense.
Home Page: https://www.ironbee.com/
License: Apache License 2.0
The union u field in ib_field_val_t leaks when it is allocated. This is a per-connection leak in the webserver/proxy plugins.
==1888== at 0x4C26FDE: malloc (vg_replace_malloc.c:236)
==1888== by 0xE62595C: bstr_alloc (bstr.c:33)
==1888== by 0xEA57CB0: ib_bytestr_create (bytestr.c:92)
==1888== by 0xEA57D32: ib_bytestr_alias_mem (bytestr.c:184)
==1888== by 0xEA5833D: ib_field_alias_mem_ex (field.c:309)
==1888== by 0xE842BCA: ib_data_add_bytestr_ex (data.c:145)
==1888== by 0xEC60460: ironbee_conn_init (ironbee.c:651)
This is complex to deal with ad-hoc when it arises. Ideally ib_field_val_t should have a record of whether the value needs freeing, and a destructor to deal with it.
I try to register directive. My code :
local ibmod = ...
ibmod:register_param1_directive(
"AttackModule",
function(ib_module, module_config, name, param1)
ibmod:logInfo("Got Directive %s=%s",name,param1)
module_confige[name] = param1
end)
ibmod:conn_started_event(function(ib,event)
ib:logInfo("Handling event=%s : AttackModule=%s",ib.event_name,ib.config["AttackModule"])
return 0
end)
return 0
then I get error as following:
10052014.09h08m34s INFO - IronBee/0.10.0: Starting 10052014.09h08m34s ERROR - LuaAPI - [ERROR] Failed to register directive AttackModule: 6 - ib_engine is not defined in module. ironbee: 10052014.09h08m34s ERROR - LuaAPI - [ERROR] Failed to register directive AttackModule: 6 - ib_engine is not defined in module. 10052014.09h08m34s ERROR - CONFIG Directive "AttackModule" not defined. @ /usr/local/ironbee/etc/ironbee/ironbee.con f:83 ironbee: 10052014.09h08m34s ERROR - CONFIG Directive "AttackModule" not defined. @ /usr/local/ironbee/etc/ironbee/ir onbee.conf:83 10052014.09h08m34s ERROR - Failed to configure the IronBee engine. ironbee: 10052014.09h08m34s ERROR - Failed to configure the IronBee engine. 10052014.09h08m34s INFO - LuaAPI - [INFO ] Validating rules... ironbee: 10052014.09h08m34s INFO - LuaAPI - [INFO ] Validating rules... 10052014.09h08m34s INFO - LuaAPI - [INFO ] Validation found no problems. ironbee: 10052014.09h08m34s INFO - LuaAPI - [INFO ] Validation found no problems. Ironbee failed to create initial engine! (ENOENT) Configuration Failed
could someone tell me what's wrong about it?
As mentioned in the reference manual, I am loading this module into Apache Configuration file and on restarting the server, it fails to start. I checked into the libexec folder where this module mod_ironbee.so is not present and maybe that's the reason Apache was unable to start. Where can I find this module?
Team,
i'm slowly getting libinjection into a real product/project. I now have version numbers! and a
https://github.com/client9/libinjection/blob/master/CHANGELOG.md
I'd recommend updating to 'git checkout v1.1.0'
It's a significant update. However I suspect the rate of change will decrease.
I'd submit a pull request, but I see you copied the whole library in, and not sure what's the best way to do that.
also... you really only need 5 files out of everything. Would it be better, if I make "libinjection" just the core files, and moved all the other stuff out into another package?
thanks,
nickg
CentOS release 5.2 (Final)
2.6.18-92.el5 i386 GNU/Linux
==============================================
ironbee 0.9.0: util/tests/test-suite.log
==============================================
# TOTAL: 33
# PASS: 32
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
.. contents:: :depth: 2
FAIL: test_util_ipset
=====================
Running main() from gtest_main.cc
[==========] Running 10 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 10 tests from TestIPSet
[ RUN ] TestIPSet.TrivialCreation
[ OK ] TestIPSet.TrivialCreation (0 ms)
[ RUN ] TestIPSet.Simple4
[ OK ] TestIPSet.Simple4 (0 ms)
[ RUN ] TestIPSet.Complex4
test_util_ipset.cpp:284: Failure
Value of: reinterpret_cast<const int*>(specific->data)
Actual: NULL
Expected: &marker_c
Which is: 0x8092430
[ FAILED ] TestIPSet.Complex4 (0 ms)
[ RUN ] TestIPSet.Structured4
[ OK ] TestIPSet.Structured4 (167 ms)
[ RUN ] TestIPSet.PositiveSet4
[ OK ] TestIPSet.PositiveSet4 (108 ms)
[ RUN ] TestIPSet.Simple6
[ OK ] TestIPSet.Simple6 (0 ms)
[ RUN ] TestIPSet.Complex6
test_util_ipset.cpp:487: Failure
Value of: reinterpret_cast<const int*>(specific->data)
Actual: NULL
Expected: &marker_c
Which is: 0x8092424
[ FAILED ] TestIPSet.Complex6 (0 ms)
[ RUN ] TestIPSet.Structured6
[ OK ] TestIPSet.Structured6 (318 ms)
[ RUN ] TestIPSet.PositiveSet6
[ OK ] TestIPSet.PositiveSet6 (107 ms)
[ RUN ] TestIPSet.Inval
[ OK ] TestIPSet.Inval (0 ms)
[----------] 10 tests from TestIPSet (700 ms total)
[----------] Global test environment tear-down
[==========] 10 tests from 1 test case ran. (700 ms total)
[ PASSED ] 8 tests.
[ FAILED ] 2 tests, listed below:
[ FAILED ] TestIPSet.Complex4
[ FAILED ] TestIPSet.Complex6
2 FAILED TESTS
Test ./test_util_ipset exited non-zero. See test_util_ipset_stderr.log for details.
test_util_ipset_stderr.log is empty.
PCRE cpatt is compiled but never freed. Unfortunately the traceback is incomplete: only pcre.c and matcher.c are informative.
==1888== 142 bytes in 2 blocks are definitely lost in loss record 1,901 of 2,307
==1888== at 0x4C26FDE: malloc (vg_replace_malloc.c:236)
==1888== by 0x4E40C3A: ink_malloc (in /usr/lib64/libtsutil.so.3.0.0)
==1888== by 0x58B89E1: pcre_compile2 (in /lib64/libpcre.so.0.0.1)
==1888== by 0xEE62B16: modpcre_compile (pcre.c:95)
==1888== by 0xE84B55F: ib_matcher_compile (matcher.c:113)
==1888== by 0xFEEC290: lj_vm_ffi_call (in /usr/local/ironbee/lib/ibmod_lua.so
I am trying to build a set of rpms, Nginx compiled Ironbee unfortunately I am hitting some problems when following the documentation.
I am using the following documentation:
https://github.com/ironbee/ironbee/tree/master/servers/nginx
And this is the spec file I created: (based on the one nginx provides)
https://github.com/sbagmeijer/ulyaoth/blob/master/Repository/ulyaoth-nginx-ironbee/SPECS/ulyaoth-nginx-ironbee.spec
The full configure line is as following:
patch -p0 < /etc/nginx/modules/ironbee/servers/nginx/nginx.patch
./configure \
--prefix=%{_sysconfdir}/nginx \
--sbin-path=%{_sbindir}/nginx \
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
--error-log-path=%{_localstatedir}/log/nginx/error.log \
--http-log-path=%{_localstatedir}/log/nginx/access.log \
--pid-path=%{_localstatedir}/run/nginx.pid \
--lock-path=%{_localstatedir}/run/nginx.lock \
--http-client-body-temp-path=%{_localstatedir}/cache/nginx/client_temp \
--http-proxy-temp-path=%{_localstatedir}/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=%{_localstatedir}/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=%{_localstatedir}/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=%{_localstatedir}/cache/nginx/scgi_temp \
--user=%{nginx_user} \
--group=%{nginx_group} \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-http_geoip_module \
--add-module=/etc/nginx/modules/ironbee/servers/nginx/ \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-ipv6 \
--with-debug \
--with-cc-opt="-I/etc/nginx/modules/ironbee/include" \
--with-ld-opt="-L/etc/nginx/modules/ironbee/libs -lhtp -libutil -lironbee" \
--with-cc-opt="%{optflags} $(pcre-config --cflags)" \
$*
The error I keep getting is:
checking for --with-ld-opt="-L/etc/nginx/modules/ironbee/libs -lhtp -libutil -lironbee" ... not found
./configure: error: the invalid value in --with-ld-opt="-L/etc/nginx/modules/ironbee/libs -lhtp -libutil -lironbee"
I am aware it does say I need to point it to "ironbee/lib" but when I extract the 0.12.2 tar.gz file I only have a "libs" folder so I assume it is just a documentation mistake?
Does anyone perhaps see some obvious mistake I did? or a way to resolve it?
Engine clones log file descriptor, even if it's stderr, it results with leak.
How to reproduce:
add breakpoint to clipy after ib_shutdown and check its file descriptiors.
--- a/engine/core.c
+++ b/engine/core.c
@@ -6354,7 +6369,7 @@ static ib_status_t core_ctx_close(ib_engine_t *ib,
lpi_data->log_uri = "?";
}
}
Team IronBee,
I found you are have included libinjection! Congratulations!
https://github.com/client9/libinjection/
Please note there is a "read-past-end" bug in your version, I doubt any security problems but could cause stability problems depending on how you have integrated it.
In addition, the "normalization" part of libinjection is much simpler (and faster). You do not need to upper-case the input or do any other normalization. If the data comes in the from the query string, you will need to url-decode it, but that is it. The input data is not manipulated, so no copy is needed.
And, new fingerprints have been added as well, and new false-positives eliminated.
Build history, valgrind, cpp check, unit tests, and other tests can now be found here:
http://jenkins.client9.com/view/libinjection/
Please enjoy and feel free to ask any questions,
nickg
The sample IronBee config has the following directive
SensorId 0x98765432
Documentation for this directive does not exist in the user manual and is missing from the audit log header.
--6b8b4567-4dd2be60-1213-4b3c-8fff-41f598765432
Content-Disposition: audit-log-part; name="header"
Content-Transfer-Encoding: binary
Content-Type: application/json
{
"log-timestamp": "2011-05-17T13:28:48.8483-0500",
"log-format": "http-message/1",
"log-id": "6b8b4567-4dd2be60-1213-4b3c-8fff-41f598765432",
"sensor-name": "ExampleSensorName",
"sensor-version": "IronBee/0.2.0 (embedded; PluginName/1.2.3)",
"sensor-hostname": "example.sensor.tld"
}
It looks that libhtp and ironbee should be compiled with the lib iconv
(adding -liconv to the LIBS var at the Makefile fixed the issue).
Also it's needed to specify the path of pcre (macports ports use to set the lib/include path
to /opt/local, instead of /usr or /usr/local as linux).
So after compiling, I configured apache and I got this errors at the startup
/opt/local/apache2/bin/apachectl restart
httpd: Syntax error on line 119 of /opt/local/apache2/conf/httpd.conf:
Cannot load /usr/local/lib/libhtp.dylib into server:
dlopen(/usr/local/lib/libhtp.dylib, 10): Symbol not found: _iconv\n Referenced from: /usr/local/lib/libhtp.dylib\n Expected in: flat
namespace\n in /usr/local/lib/libhtp.dylib
I added -liconv to libhtp/htp/Makefile and then executing it again, the same but with ironbee
/opt/local/apache2/bin/apachectl restart
httpd: Syntax error on line 120 of /opt/local/apache2/conf/httpd.conf:
Cannot load /usr/local/ironbee/lib/mod_ironbee.so into server:
dlopen(/usr/local/ironbee/lib/mod_ironbee.so, 10): Symbol not found: _iconv\n Referenced from: /usr/lib/libaprutil-1.0.dylib\n Expected in: /opt/local/lib/libiconv.2.dylib\n in /usr/lib/libaprutil-1.0.dylib
I did the same at ironbee, adding -liconv to the Makefile,
restarted apache and it loaded correctly.
The request line in the audit log is logged as lower case even though in the example below the method and the protocol are both uppercase.
GET /cmd32.exe HTTP/1.1
...
--35f0831b-4dc8520c-093d-42d6-8fff-043001234567
Content-Disposition: audit-log-part; name="http-request-headers"
Content-Transfer-Encoding: binary
Content-Type: application/octet-stream
get /cmd32.exe http/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110422 Ubuntu/10.04 (lucid) Firefox/3.6.17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
--35f0831b-4dc8520c-093d-42d6-8fff-043001234567
Content-Disposition: audit-log-part; name="http-response-headers"
Content-Transfer-Encoding: binary
Content-Type: application/octet-stream
HTTP/1.1 404 Not Found
Date: Mon, 09 May 2011 20:43:56 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 236
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
--35f0831b-4dc8520c-093d-42d6-8fff-043001234567--
The official site http://www.ironbee.com is dead.
We should add the pid to the IronBee debug output. This way if/when we segv/abort we can associate the core dump to the request.... If we make it that far before core dump happens of course... :). Example of where this would be useful below..
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventTxStarted ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventRequestStarted ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventTxDataIn[2]: GET /sRJATKpp.dtd HTTP/1.0\r\n
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventTxDataIn[3]: Connection: Keep-Alive\r\n
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventTxDataIn[3]: User-Agent: Mozilla/4.75 (Nikto/2.03 )\r\n
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventTxDataIn[3]: Host: localhost\r\n
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventTxDataIn[3]: \r\n
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: Adding request_headers fields
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: ERROR - Failed to create request uri parameters: 0
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventRequestHeaders ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventHandleContextTx ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: No signatures for phase=0 ctx=0x7f0a8c837e10
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventHandleRequestHeaders ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Request line is a field type: 4
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Request Line cvalue: 0x7f0a8cae17c8
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - REQUEST_LINE=GET /sRJATKpp.dtd HTTP/1.0
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Lower case request line is a field type: 4
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Lower case Request Line value: get /srjatkpp.dtd http/1.0
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Request Line value: GET /sRJATKpp.dtd HTTP/1.0
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Request Headers is a field type: 5
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - REQUEST_HEADERS.Host=localhost
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - REQUEST_HEADERS.User-Agent=Mozilla/4.75 (Nikto/2.03 )
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - REQUEST_HEADERS.Connection=Keep-Alive
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - HTTP Host Header is a field type: 4
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - HTTP REQUEST_HEADERS.HOST=localhost
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Request ARGS is a field type: 5
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - Request Line does not match: (?i:foo)
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: Executing 1 signatures for phase=1 ctx=0x7f0a8c837e10
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: PocSig: Matching "bar" against field "request_line"
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: PocSig NOMATCH
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: Matching AGAINST AC tree 8c833ff3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventRequestBody ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventHandleRequest ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: No signatures for phase=2 ctx=0x7f0a8c837e10
[Sun Oct 16 09:20:43 2011] [error] [client 127.0.0.1] File does not exist: /var/www/sRJATKpp.dtd
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventConnDataOut: HTTP/1.1 404 Not Found\r\nDate: Sun, 16 Oct 2011 14:20:43 GMT\r\nServer: Apache/2.2.14 (Ubuntu)\r\nVary: Accept-Encoding\r\nContent-Length: 285\r\nKeep-Alive: timeout=15, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventResponseStarted ib=0x7f0a8c81d1d0 tx=4e9ae83b-4c2d-4e97-8fff-680779a11cc3
[Sun Oct 16 09:20:43 2011] [debug] mod_ironbee.c(173): IronBee: LuaFFI - example.onEventTxDataOut[type=2]: HTTP/1.1 404 Not Found
[Sun Oct 16 09:20:43 2011] [notice] child pid 26629 exit signal Aborted (6), possible coredump in /tmp
[Sun Oct 16 09:20:43 2011] [notice] child pid 26630 exit signal Aborted (6), possible coredump in /tmp
[Sun Oct 16 09:20:43 2011] [notice] child pid 26632 exit signal Aborted (6), possible coredump in /tmp
This appears to affect both httpd and trafficserver plugins. Looks like low-hanging fruit I can easily fix.
An ib_conn_t struct is created for every connection, but never destroyed:
==1888== at 0x4C26FDE: malloc (vg_replace_malloc.c:236)
==1888== by 0xEA56939: ib_mpool_create_ex (mpool.c:90)
==1888== by 0xE8413BB: ib_conn_create (engine.c:381)
==1888== by 0xEC609FC: ironbee_plugin (ironbee.c:449)
I have successfully pass commonds below:
./autogen.sh
./configure --prefix=/usr/local/ironbee
make
but when i trying to make check, i got errors:
Failure:
test_response(TestFast) [/home/hyf/ironbee-master/clipp/tests/tc_fast.rb:108]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"CLIPP ANNOUNCE: rmessage\n2013-05-29T15:14:28.7841+0800 INFO - [22949] [tx:67bb163b-ff07-450b-a952-9bc7c02dc42a] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/9" rev:1] ACTION clipp_announce("rmessage") \n2013-05-29T15:14:28.7842+0800 INFO - [22949] [tx:67bb163b-ff07-450b-a952-9bc7c02dc42a] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/9" rev:1] ACTION fast("HelloWorld") \nCLIPP ANNOUNCE: rheader\n2013-05-29T15:14:28.7842+0800 INFO - [22949] [tx:67bb163b-ff07-450b-a952-9bc7c02dc42a] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/10" rev:1] ACTION clipp_announce("rheader") \n2013-05-29T15:14:28.7842+0800 INFO - [22949] [tx:67bb163b-ff07-450b-a952-9bc7c02dc42a] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/10" rev:1] ACTION fast("DEF") \n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_multi_threaded(TestHolistic) [/home/hyf/ironbee-master/clipp/tests/tc_holistic.rb:254]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"Error generating input: Failed to parse input.\n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_single_threaded(TestHolistic) [/home/hyf/ironbee-master/clipp/tests/tc_holistic.rb:243]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"Error generating input: Failed to parse input.\n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_ipmatch6_11(TestOperators) [/home/hyf/ironbee-master/clipp/tests/tc_operators.rb:123]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:28.9792+0800 NOTICE - [23033] [tx:4acd0449-a13c-40ec-a20b-4dc9506e9b23] Set hostname to local IP "1.2.3.4"\nCLIPP ANNOUNCE: ipmatch6_11a\n2013-05-29T15:14:28.9796+0800 INFO - [23033] [tx:4acd0449-a13c-40ec-a20b-4dc9506e9b23] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/1" rev:1] ACTION clipp_announce("ipmatch6_11a") \n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_ipmatch_11(TestOperators) [/home/hyf/ironbee-master/clipp/tests/tc_operators.rb:85]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:29.0538+0800 NOTICE - [23065] [tx:23ff18a4-3533-4343-a510-b1265007b6cc] Set hostname to local IP "1.2.3.4"\nCLIPP ANNOUNCE: ipmatch_11a\n2013-05-29T15:14:29.0541+0800 INFO - [23065] [tx:23ff18a4-3533-4343-a510-b1265007b6cc] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/1" rev:1] ACTION clipp_announce("ipmatch_11a") \n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_ipmatch6_11(TestRegression) [/home/hyf/ironbee-master/clipp/tests/tc_regression.rb:173]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:29.3915+0800 NOTICE - [23193] [tx:f6562b3f-7647-46ea-98db-fe72a657401a] Set hostname to local IP "1.2.3.4"\nCLIPP ANNOUNCE: ipmatch6_11a\n2013-05-29T15:14:29.3917+0800 INFO - [23193] [tx:f6562b3f-7647-46ea-98db-fe72a657401a] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/1" rev:1] ACTION clipp_announce("ipmatch6_11a") \n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_ipmatch_11(TestRegression) [/home/hyf/ironbee-master/clipp/tests/tc_regression.rb:135]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:29.4735+0800 NOTICE - [23225] [tx:f39660b8-1b54-4410-9cb7-eda8b1904a5d] Set hostname to local IP "1.2.3.4"\nCLIPP ANNOUNCE: ipmatch_11a\n2013-05-29T15:14:29.4737+0800 INFO - [23225] [tx:f39660b8-1b54-4410-9cb7-eda8b1904a5d] [rule:"site/57f2b6d0-7783-012f-86c6-001f5b320164/1" rev:1] ACTION clipp_announce("ipmatch_11a") \n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_negative_content_length(TestRegression) [/home/hyf/ironbee-master/clipp/tests/tc_regression.rb:53]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:29.5561+0800 NOTICE - [23257] [tx:bbc5fb33-2f12-4188-ba7b-88f55435dd71] Set hostname to local IP "1.2.3.4"\n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_negative_content_length2(TestRegression) [/home/hyf/ironbee-master/clipp/tests/tc_regression.rb:68]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:29.5975+0800 NOTICE - [23273] [tx:3b72287c-2d73-436f-a7b4-6b9f040fcb0e] Set hostname to local IP "1.2.3.4"\n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_request_body_rule(TestRegression) [/home/hyf/ironbee-master/clipp/tests/tc_regression.rb:203]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:29.6736+0800 NOTICE - [23305] [tx:398832e6-c336-4a41-8102-227b70f70e6c] Set hostname to local IP "1.2.3.4"\n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
Failure:
test_rule_engine_log_with_empty_header(TestRegression) [/home/hyf/ironbee-master/clipp/tests/tc_regression.rb:89]:
/ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) / was found in log..
</ (EMERGENCY|CRITICAL|ALERT|ERROR|WARNING) /> expected to not match
<"2013-05-29T15:14:29.7610+0800 NOTICE - [23337] [tx:1afa6499-f572-4201-8763-bb672f6b7711] Set hostname to local IP "1.2.3.4"\n[libprotobuf ERROR google/protobuf/message_lite.cc:123] Can't parse message of type "IronBee.CLIPP.PB.Input" because it is missing required fields: connection\nError generating input: Failed to parse input.\n">.
how does this happen and how to slove it?
When mod_negotiation is loaded with mod_ironbee, it segfaults on not-found documents:
Program received signal SIGSEGV, Segmentation fault.
ironbee_filter_in (f=0x21ccbf0, bb=0x21d26f0, mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=8192) at mod_ironbee.c:742
742 rc = ib_context_get(rctx->tx->ctx, "buffer_req",
(gdb) bt
#0 ironbee_filter_in (f=0x21ccbf0, bb=0x21d26f0, mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=8192) at mod_ironbee.c:742
#1 0x0000000000447903 in ap_discard_request_body ()
#2 0x00007fd50d4d58b8 in ?? () from /etc/httpd/modules/mod_negotiation.so
#3 0x00000000004382c0 in ap_run_handler ()
#4 0x00000000004386eb in ap_invoke_handler ()
#5 0x0000000000444e4c in ap_internal_redirect ()
#6 0x000000000044564c in ap_process_request ()
#7 0x00000000004427f0 in ?? ()
#8 0x000000000043ea40 in ap_run_process_connection ()
#9 0x000000000044a114 in ?? ()
#10 0x000000000044a82c in ?? ()
#11 0x000000000044b372 in ap_mpm_run ()
#12 0x0000000000423874 in main ()
2012-08-04T20:28:09.1987+0800 ERROR - ( rules.c:1208 ) [15621] CONFIG Error parsing rule operator "@rx bar": ENOENT @ ../etc/site-default.conf:10
2012-08-04T20:28:09.1987+0800 DEBUG2 - ( rules.c:1260 ) [15621] CONFIG Invalidated all rules in chain "UNKNOWN" @ ../etc/site-default.conf:10
2012-08-04T20:28:09.1988+0800 ERROR - ( config-parser.rl:237 ) [15621] CONFIG Failed to process directive "Rule" : ENOENT (see preceeding messages for details) @ ../etc/site-default.conf:10
2012-08-04T20:28:09.1988+0800 DEBUG2 - ( core.c:4101 ) [15621] Processing site block "Site"
2012-08-04T20:28:09.1988+0800 DEBUG3 - ( config.c:435 ) [15621] CONFIG Stack: ctx=0x22a4a40(main/main) site=(nil)(NONE) loc=(nil)(/) @ ../etc/site-default.conf:11
2012-08-04T20:28:09.1988+0800 DEBUG2 - ( core.c:4110 ) [15621] Closing context 0x22c6390 for "Site"
2012-08-04T20:28:09.1988+0800 DEBUG3 - ( engine.c:1757 ) [15621] Closing context ctx=0x22c6390 'site/default'
2012-08-04T20:28:09.1988+0800 DEBUG2 - ( rule_engine.c:2531 ) [15621] Adding rules from "main/main" to ctx "site/default" temp list
2012-08-04T20:28:09.1988+0800 DEBUG2 - ( rule_engine.c:2580 ) [15621] Adding ctx rules to ctx "site/default" temp list
2012-08-04T20:28:09.1989+0800 DEBUG2 - ( rule_engine.c:2631 ) [15621] Enabling specified rules in "site/default" temp list
2012-08-04T20:28:09.1989+0800 DEBUG2 - ( rule_engine.c:2649 ) [15621] Disabling specified rules in "site/default" temp list
2012-08-04T20:28:09.1989+0800 DEBUG2 - ( rule_engine.c:2670 ) [15621] Adding enabled rules to ctx "site/default" phase list
2012-08-04T20:28:09.1989+0800 DEBUG - ( modhtp.c:2172 ) [15621] Using "htp" parser by default in context site/default.
2012-08-04T20:28:09.1989+0800 DEBUG2 - ( config.c:249 ) [15621] CONFIG Buffer of length 316 must be shrunk. @ ../etc/site-default.conf:11
2012-08-04T20:28:09.1990+0800 DEBUG2 - ( config.c:252 ) [15621] CONFIG Beginning of last line is at index 316. @ ../etc/site-default.conf:11
2012-08-04T20:28:09.1990+0800 DEBUG3 - ( config.c:190 ) [15621] CONFIG Read a 0 byte chunk. Total len=0 @ ../etc/site-default.conf:11
2012-08-04T20:28:09.1991+0800 DEBUG3 - ( config.c:278 ) [15621] CONFIG Done reading config "../etc/site-default.conf" via fd=6 errno=2 @ ../etc/site-default.conf:12
2012-08-04T20:28:09.1991+0800 ERROR - ( config.c:286 ) [15621] CONFIG 1 Error(s) parsing config file: ENOENT @ ../etc/site-default.conf:12
2012-08-04T20:28:09.1991+0800 ERROR - ( config-parser.rl:194 ) [15621] CONFIG Error parsing included file "../etc/site-default.conf": ENOENT @ ../etc/site-default.conf:12
2012-08-04T20:28:09.1991+0800 ERROR - ( config-parser.rl:282 ) [15621] CONFIG Failed to process include directive: ENOENT @ ../etc/site-default.conf:12
2012-08-04T20:28:09.1991+0800 DEBUG2 - ( config.c:249 ) [15621] CONFIG Buffer of length 1184 must be shrunk. @ ../etc/site-default.conf:12
2012-08-04T20:28:09.1991+0800 DEBUG2 - ( config.c:252 ) [15621] CONFIG Beginning of last line is at index 1184. @ ../etc/site-default.conf:12
2012-08-04T20:28:09.1991+0800 DEBUG3 - ( config.c:190 ) [15621] CONFIG Read a 0 byte chunk. Total len=0 @ ../etc/site-default.conf:12
2012-08-04T20:28:09.1992+0800 DEBUG3 - ( config.c:278 ) [15621] CONFIG Done reading config "../etc/ironbee-cli.conf" via fd=4 errno=2 @ ../etc/ironbee-cli.conf:54
2012-08-04T20:28:09.1992+0800 ERROR - ( config.c:286 ) [15621] CONFIG 3 Error(s) parsing config file: ENOENT @ ../etc/ironbee-cli.conf:54
Error parsing configuration: ENOENT
IronBee segv's when trying to Load the example.lua module. Using the example configuration, seems to happen on all platforms.
Oct 28 11:42:12 fedora-15-32-bit kernel: [6376234.793705] httpd[5311]: segfault at 68637469 ip 00872a58 sp bf9a1340 error 4 in ibmod_lua.so[835000+68000]
Oct 28 11:42:12 fedora-15-32-bit systemd[1]: httpd.service: main process exited, code=dumped, status=11
#0 lua_pushfstring (L=0x68637461, fmt=0x88aa58 "@%s") at lj_api.c:612
612 lj_gc_check(L);
(gdb) bt full
#0 lua_pushfstring (L=0x68637461, fmt=0x88aa58 "@%s") at lj_api.c:612
ret = <optimized out>
argp = <optimized out>
#1 0x00884a57 in luaL_loadfile (L=0x68637461, filename=0xbf9a347c "/usr/local/ironbee/lib/example.lua") at lib_aux.c:263
ctx = {fp = 0x210f57d8,
buf = '\000' <repeats 2312 times>, "\a\000\000\000\264\367\354\000\366\000\000\000\270\260\377 W\367\354\000(]\232\277", '\000' <repeats 24 times>, "\a\000\000\000\264\367\354\000H\001\000\000\000\000\000\000\"\367\354\000X]\232\277", '\000' <repeats 1240 times>, "\a\000\000\000\264\367\354\000\366\000\000\000\270\260\377 W\367\354\000Hb\232\277", '\000' <repeats 388 times>, "|#\232\277\350\377\377\377\377\377\377\377\352\023s\000\230'\232\277\242\303\354\000P!c\000\356\200\354\000\350\377\377\377\377\377\377\377\230#\232\277\064(l\000\b\000\000\000\350\377\377\377\377\377\377\377\001\000\000\000\364\357}\000\276\222l\000\337*l\000\000\000\000\000\350\377\377\377\377\377\377\377\001\000\000\000\060'\232\277Y\366\t\000\001\000\000\000\b'\232\277 \000\000\000\020'\000\000\f\000\000\000\242\303\354\000\000\002y\000\000\000\000\000\350g\232\277Wg\232\277\000\000\000\000\001\000\000\000\000\000\000\000\200\025c\000\314&\202\267", '\000' <repeats 12 times>, ":\330d\000\000\000\000\000n\000\000\000w\000\000\000|"...}
status = <optimized out>
chunkname = <optimized out>
#2 0x0083ccfb in modlua_load_lua_file (pchunk=<synthetic pointer>, file=0xbf9a347c "/usr/local/ironbee/lib/example.lua", ls=0x68637461, ib=0x210ef4d0) at lua.c:418
pool = 0x68637461
chunk = 0x210f4021
name_start = <optimized out>
ec = <optimized out>
L = 0x68637461
name = 0x210f4019 "example"
name_end = <optimized out>
rc = <optimized out>
#3 modlua_module_load (ib=0x210ef4d0, file=0xbf9a347c "/usr/local/ironbee/lib/example.lua", pm=0x0) at lua.c:540
chunk = 0x210f4021
maincfg = 0x210f1d1e
mlist = 0x0
L = 0x68637461
m = <optimized out>
rc = IB_OK
use_onload = 0
#4 0x0083e277 in modlua_dir_param1 (cp=0x210f2188, name=0x210f57c0 "LuaLoadModule", p1=0x210f25a8 "example.lua", cbdata=0x0) at lua.c:1880
fn = "/usr/local/ironbee/lib/example.lua\000\000\000\000\000\000\000\000\000\000\314Ua\000t\b`\000H\025\017!\t", '\000' <repeats 15 times>"\243, \360`\000\005\362`\000\360\264\203\000\360\264\203\000\000\000\000\000\000\000\000\000\374\062`\000d\026\017!\001\000\000\000\004\000\000\000\f\000\000\000x\364\016!\001\000\000\000\020\000\000\000\030\346\211\000\320\364\016!\000\000\000\000\360\264\203\000\017ڃ\000\320\364\016!\004\000\000\000\360\264\203\000\004\000\000\000@\351\211\000\320\364\016!\350\000\017!\005\000\000\000H\025\017!\a\000\000\000\241>\017!\036\035\017!R\006\000\000\304\367`\000x5\232\277\314Ua\000@\351\211\000\320\364\016!\000\000\000\000\034+`\000\320\364\016!@\351\211\000\000\000\000\000\067\360`\000R\006\000\000\304\367`\000"...
len = <optimized out>
ib = 0x210ef4d0
rc = <optimized out>
#5 0x006065dc in ib_config_directive_process (cp=0x210f2188, name=0x210f57c0 "LuaLoadModule", args=0x210efae0) at config.c:522
ib = 0x210ef4d0
rec = 0x89d9c0
node = <optimized out>
nargs = 1
p1 = 0x210f25a8 "example.lua"
p2 = <optimized out>
flags = <optimized out>
fmask = <optimized out>
rc = <optimized out>
i = <optimized out>
#6 0x00606e91 in ib_cfgparser_ragel_parse_chunk (cp=0x210f2188,
buf=0xbf9a4a75 "LuaLoadModule \"example.lua\"\n\n### Main Context (need separate directives for these)\nSet parser \"htp\"\n\n# Enable inspection engine (TODO: Implement)\n#InspectionEngine On\n\n# Enable audit engine\nAuditEngin"..., blen=28) at config-parser.rl:100
_klen = <optimized out>
_nacts = <optimized out>
_keys = <optimized out>
_trans = <optimized out>
_acts = 0x61004b "\r\002\005\025\002\005\026\002\006\021\002\a\032\002\b\t\002\v\f\002\v\020\002\v\024\002\v\030\002\v\034\002\v\035\003\001\004\r\003\v"
---Type <return> to continue, or q <return> to quit---
ib = 0x210ef4d0
mptmp = <optimized out>
rc = <optimized out>
plist = 0x210efae0
data = 0xbf9a4a75 "LuaLoadModule \"example.lua\"\n\n### Main Context (need separate directives for these)\nSet parser \"htp\"\n\n# Enable inspection engine (TODO: Implement)\n#InspectionEngine On\n\n# Enable audit engine\nAuditEngin"...
fsm = {
p = 0xbf9a4a90 "\n\n### Main Context (need separate directives for these)\nSet parser \"htp\"\n\n# Enable inspection engine (TODO: Implement)\n#InspectionEngine On\n\n# Enable audit engine\nAuditEngine RelevantOnly\n#AuditLogInd"...,
pe = 0xbf9a4a91 "\n### Main Context (need separate directives for these)\nSet parser \"htp\"\n\n# Enable inspection engine (TODO: Implement)\n#InspectionEngine On\n\n# Enable audit engine\nAuditEngine RelevantOnly\n#AuditLogInde"..., eof = 0x0,
ts = 0xbf9a4a90 "\n\n### Main Context (need separate directives for these)\nSet parser \"htp\"\n\n# Enable inspection engine (TODO: Implement)\n#InspectionEngine On\n\n# Enable audit engine\nAuditEngine RelevantOnly\n#AuditLogInd"...,
te = 0xbf9a4a90 "\n\n### Main Context (need separate directives for these)\nSet parser \"htp\"\n\n# Enable inspection engine (TODO: Implement)\n#InspectionEngine On\n\n# Enable audit engine\nAuditEngine RelevantOnly\n#AuditLogInd"..., cs = 22, top = 1, act = 0, stack = {16, 0 <repeats 1023 times>}}
#7 0x0060594c in ib_cfgparser_parse (cp=0x210f2188, file=0x21071a40 "/usr/local/ironbee/etc/ironbee.conf.example") at config.c:206
chunk_len = 28
ec = <optimized out>
remaining = <optimized out>
chunk_start = <optimized out>
chunk_end = 0xbf9a4a90 "\n\n### Main Context (need separate directives for these)\nSet parser \"htp\"\n\n# Enable inspection engine (TODO: Implement)\n#InspectionEngine On\n\n# Enable audit engine\nAuditEngine RelevantOnly\n#AuditLogInd"...
fd = 9
buf = "### Logging\n#DebugLog /var/log/ironbee/debug.log\nDebugLogLevel 4\n# TODO: Default is still stderr logging - this will go to Apache error_log\nSet logger \"mod_ironbee\"\n\n### Sensor Info\n# Sensor ID, must "...
buf_end = 0xbf9a680c ""
buf_mark = 0xbf9a5162 "\232\277TT\232\277\327\327Y"
nbytes = -1080407408
rc = IB_OK
#8 0x00831a95 in ironbee_post_config (p=0x20ffb0b8, plog=0x21029170, ptmp=0x2102d180, s=0x20ffcfb0) at mod_ironbee.c:871
ctx = <optimized out>
modcfg = 0x2107c650
cp = 0x210f2188
lpr = 0x210efdda
init = 0x1
rc = <optimized out>
#9 0x00eb0086 in ap_run_post_config (pconf=0x20ffb0b8, plog=0x21029170, ptemp=0x2102d180, s=0x20ffcfb0) at /usr/src/debug/httpd-2.2.17/server/config.c:94
pHook = <optimized out>
n = <optimized out>
rv = <optimized out>
#10 0x00e995e6 in main (argc=1, argv=0xbf9a6a04) at /usr/src/debug/httpd-2.2.17/server/main.c:728
c = 0 '\000'
configtestonly = 0
confname = 0xec808c "conf/httpd.conf"
def_server_root = 0xec8081 "/etc/httpd"
temp_error_log = 0x0
error = <optimized out>
process = 0x20ffcfb0
server_conf = 0x20ffcfb0
pglobal = 0x20ff9140
pconf = 0x20ffb0b8
plog = 0x21029170
ptemp = 0x2102d180
pcommands = 0x20ffd0c0
opt = 0x20ffd160
rv = 553619776
mod = <optimized out>
---Type <return> to continue, or q <return> to quit---
optarg = 0xec7730 "UWVS\350\300 \375\377\201\303\337B\001"
signal_server = <optimized out>
When GeoIPDatabaseFile points at a non-existent file, ib seg faults in libGeoIP:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5b65871 in ?? () from /usr/lib64/libGeoIP.so.1
(gdb) where
#0 0x00007ffff5b65871 in ?? () from /usr/lib64/libGeoIP.so.1
#1 0x00007ffff5d92d90 in geoip_lookup (ib=0x6040f0, tx=0x624220, data=) at geoip.c:90
#2 0x00007ffff7bc640d in ib_state_notify (ib=0x6040f0, event=handle_context_tx_event, param=0x624220) at engine.c:746
#3 0x00007ffff7bc64ba in ib_state_notify_tx (ib=0x6040f0, event=handle_context_tx_event, tx=0x624220) at engine.c:909
#4 0x00007ffff7bc6d1b in ib_state_notify_request_headers (ib=0x6040f0, tx=0x624220) at engine.c:1238
#5 0x00007ffff6de9fc3 in modhtp_htp_request_headers (connp=) at htp.c:529
#6 0x00007ffff759cb05 in hook_run_all (hook=0x608fc0, data=0x619420) at hooks.c:144
#7 0x00007ffff75a448a in htp_connp_REQ_BODY_DETERMINE (connp=0x619420) at htp_request.c:422
#8 0x00007ffff75a49e9 in htp_connp_req_data (connp=0x619420, timestamp=, data=, len=) at htp_request.c:948
#9 0x00007ffff6de85dd in modhtp_iface_data_in (pi=, qcdata=0x7fffffffb8a0) at htp.c:1060
#10 0x00000000004017ca in runConnection (ib=0x6040f0, requestfile=, responsefile=0x7fffffffe0b3 "../capture/wget-proxy-2-resp.htp")
at ibcli.c:198
#11 0x00000000004012ce in main (argc=7, argv=0x7fffffffdb68) at ibcli.c:386
(gdb) f 1
#1 0x00007ffff5d92d90 in geoip_lookup (ib=0x6040f0, tx=0x624220, data=) at geoip.c:90
90 geoip_rec = GeoIP_record_by_addr(geoip_db, ip);
(gdb) p ip
$1 = 0x401b4f "10.10.10.10"
./ironbee_test.py --local-apache --one-shot="TRACE / HTTP/1.0\r\nHost: foo\r\n\r\n"
./ironbee_test.py --local-apache --one-shot="TRACE / HTTP/1.1\r\nHost: foo\r\n\r\n"
results in:
apache2: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
[Tue Jun 14 16:52:20 2011] [debug] mod_ironbee.c(270): IronBee: Child exit pid=21844
[Tue Jun 14 16:52:20 2011] [debug] mod_ironbee.c(270): IronBee: Child exit pid=21843
[Tue Jun 14 16:52:20 2011] [debug] mod_ironbee.c(270): IronBee: Child exit pid=21926
[Tue Jun 14 16:52:20 2011] [info] removed PID file /home/coz/workspace2/waf-qa/server_root/lo
gdb apache2 server_root/tmp/core
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/sbin/apache2...done.
[New Thread 21846]
[New Thread 21855]
[New Thread 21858]
[New Thread 21894]
[New Thread 21842]
[New Thread 21872]
[New Thread 21853]
[New Thread 21917]
[New Thread 21848]
[New Thread 21878]
[New Thread 21861]
[New Thread 21891]
[New Thread 21867]
[New Thread 21850]
[New Thread 21864]
[New Thread 21882]
[New Thread 21921]
[New Thread 21910]
[New Thread 21869]
[New Thread 21913]
[New Thread 21875]
[New Thread 21885]
[New Thread 21905]
[New Thread 21888]
[New Thread 21896]
[New Thread 21903]
[New Thread 21900]
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libpcre.so.3...Reading symbols from /usr/lib/debug/lib/libpcre.so.3.12.1...done.
done.
Loaded symbols for /lib/libpcre.so.3
Reading symbols from /usr/lib/libaprutil-1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libaprutil-1.so.0
Reading symbols from /usr/lib/libapr-1.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libapr-1.so.0
Reading symbols from /lib/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/libpthread-2.11.1.so...done.
done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...Reading symbols from /usr/lib/debug/lib/libc-2.11.1.so...done.
done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libuuid.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libuuid.so.1
Reading symbols from /lib/librt.so.1...Reading symbols from /usr/lib/debug/lib/librt-2.11.1.so...done.
done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libcrypt.so.1...Reading symbols from /usr/lib/debug/lib/libcrypt-2.11.1.so...done.
done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libdl.so.2...Reading symbols from /usr/lib/debug/lib/libdl-2.11.1.so...done.
done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libexpat.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libexpat.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.11.1.so...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib/libnss_files-2.11.1.so...done.
done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /usr/lib/apache2/modules/mod_proxy.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/apache2/modules/mod_proxy.so
Reading symbols from /usr/lib/apache2/modules/mod_proxy_http.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/apache2/modules/mod_proxy_http.so
Reading symbols from /usr/lib/apache2/modules/mod_unique_id.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/apache2/modules/mod_unique_id.so
Reading symbols from /usr/lib/libxml2.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libxml2.so
Reading symbols from /lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/libm.so.6...Reading symbols from /usr/lib/debug/lib/libm-2.11.1.so...done.
done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /usr/local/lib/libhtp.so...done.
Loaded symbols for /usr/local/lib/libhtp.so
Reading symbols from /usr/local/ironbee/lib/mod_ironbee.so...done.
Loaded symbols for /usr/local/ironbee/lib/mod_ironbee.so
Reading symbols from /usr/lib/libdb-4.8.so...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libdb-4.8.so
Reading symbols from /usr/local/ironbee/lib/libironbee.so.0...done.
Loaded symbols for /usr/local/ironbee/lib/libironbee.so.0
Reading symbols from /usr/local/ironbee/lib/libibutil.so.0...done.
Loaded symbols for /usr/local/ironbee/lib/libibutil.so.0
Reading symbols from /usr/local/ironbee/lib/ibmod_pcre.so...done.
Loaded symbols for /usr/local/ironbee/lib/ibmod_pcre.so
Reading symbols from /usr/local/ironbee/lib/ibmod_htp.so...done.
Loaded symbols for /usr/local/ironbee/lib/ibmod_htp.so
Reading symbols from /usr/local/ironbee/lib/ibmod_poc_sig.so...done.
Loaded symbols for /usr/local/ironbee/lib/ibmod_poc_sig.so
Reading symbols from /usr/local/ironbee/lib/ibmod_lua.so...done.
Loaded symbols for /usr/local/ironbee/lib/ibmod_lua.so
Reading symbols from /lib/libgcc_s.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libgcc_s.so.1
Core was generated by `apache2 -d /home/coz/workspace2/waf-qa/server_root -f /home/coz/workspace2/waf-'.
Program terminated with signal 6, Aborted.
#0 0x00007f8172499a75 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt full
#0 0x00007f8172499a75 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = <value optimized out>
selftid = <value optimized out>
#1 0x00007f817249d5c0 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0x7f81727e4e98 <main_arena+88>, sa_sigaction = 0x7f81727e4e98 <main_arena+88>}, sa_mask = {__val = {140193946074784, 140193885201184, 48, 140193885201424, 140193945145574,
206158430256, 140193885201464, 140193885201216, 140193981182592, 140193981182697, 0, 140733710881996, 140193946061562, 140193946065247, 3096, 19133042704}}, sa_flags = 1953202304,
sa_restorer = 0x7f8170250000 <core_dir_site_start+208>}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007f81724e1214 in __malloc_assert (av=0x7f81727e4e40, bytes=568) at malloc.c:352
No locals.
#3 _int_malloc (av=0x7f81727e4e40, bytes=568) at malloc.c:4480
nb = 140193946079344
idx = <value optimized out>
bin = <value optimized out>
victim = 0x7f81727e4e98
size = 48
victim_index = <value optimized out>
remainder = <value optimized out>
remainder_size = <value optimized out>
block = <value optimized out>
bit = <value optimized out>
map = <value optimized out>
fwd = <value optimized out>
bck = <value optimized out>
errstr = <value optimized out>
__func__ = "_int_malloc"
#4 0x00007f81724e258e in *__GI___libc_malloc (bytes=568) at malloc.c:3660
ar_ptr = 0x7f81727e4e40
victim = <value optimized out>
__func__ = "__libc_malloc"
#5 0x00007f81724ce4cb in __fopen_internal (filename=0x7f817472b280 "/home/coz/workspace2/waf-qa/server_root/logs/audit/20110614/2152/4df7d814-1aa8-4588-8fff-555298765432.log", mode=0x5556 <Address 0x5556 out of bounds>, is32=6)
at ../sysdeps/wordsize-64/../../libio/iofopen.c:76
No locals.
#6 0x00007f817025162e in core_audit_open (lpi=, log=0x7f8174723440) at core.c:345
dtmp = "20110614/2152\000\000\000\340'\272n\201\177\000\000@\rkt\201\177\000"
dn = "/home/coz/workspace2/waf-qa/server_root/logs/audit/20110614/2152\000\000\000\000\000\000\000\000\311q%p\201\177\000\000k\257rt\201\177\000\000`7Vr\201\177\000\000\001\200\255\373\000\000\000\000k\257rt\201\177\000\000k\257rt\201\177\000\000k\257rt\201\177\000\000k\257rt\201\177\000\000q\257rt\201\177\000\000v\257rt\201\177\000\000k\257rt\201\177\000\000v\257rt\201\177", '\000' <repeats 46 times>, "\004\000\000\000\t\000\000\000\000\000\000\000\000\000~r\201\177\000\000\000\000\000\000\000\000\000\000\370\036rt\004\000\000\000\340\034Pr\201\177\000\000\060 ", '\000' <repeats 14 times>"\240"...
tm = <value optimized out>
ret = <value optimized out>
cfg = 0x7f81747234a0
corecfg = 0x7f81746bc3e8
rc = <value optimized out>
fnsize = <value optimized out>
fn = <value optimized out>
ec = <value optimized out>
#7 0x00007f8170251730 in audit_api_write_log (lpi=0x7f81746c3060) at core.c:903
log = 0x7f8174723440
node = <value optimized out>
rc = <value optimized out>
#8 0x00007f817024c5c3 in ib_clog_auditlog_write (ctx=0x7f81746bc0a0) at logger.c:520
corecfg = 0x7f81746bc3e8
pi = 0x5552
rc = <value optimized out>
#9 0x00007f8170253c25 in logevent_hook_postprocess (ib=0x7f81746b0040, tx=0x7f8174721e70, cbdata=) at core.c:2013
log = <value optimized out>
---Type to continue, or q to quit---
corecfg = 0x7f81746bc3e8
audit = 0x7f81746c3060
events = 0x7f816f5c5de8
tv = {tv_sec = 1308088340, tv_usec = 11237}
boundary = "6b8b4567-4df7d814-1aa8-4588-8fff-555298765432"
rc =
#10 0x00007f81702491ae in ib_state_notify (ib=0x7f81746b0040, event=, param=0x7f8174721e70) at engine.c:713
hook = 0x7f81746b0e60
rc = IB_OK
#11 0x00007f817024921a in ib_state_notify_tx (ib=0x5552, event=21846, tx=0x6) at engine.c:876
hook = <value optimized out>
rc = <value optimized out>
#12 0x00007f817024933a in ib_state_notify_response_finished (ib=0x7f81746b0040, tx=0x7f8174721e70) at engine.c:1433
rc = IB_OK
#13 0x00007f816fa28bb7 in modhtp_htp_response (connp=) at htp.c:670
tx = 0x7f8174721280
ib = 0x7f81746b0040
#14 0x00007f81709d5853 in hook_run_all (hook=0x7f817471d0d0, data=0x7f81747137a0) at hooks.c:144
No locals.
#15 0x00007f81709de24c in htp_connp_RES_IDLE (connp=0x7f81747137a0) at htp_response.c:725
rc = <value optimized out>
#16 0x00007f81709ddd19 in htp_connp_res_data (connp=0x7f81747137a0, timestamp=0x5556, data=0x6 <Address 0x6 out of bounds>, len=18446744073709551615) at htp_response.c:872
rc = 0
#17 0x00007f816fa2813b in modhtp_iface_data_out (pi=, qcdata=0x7f816eba2b90) at htp.c:933
ib = 0x7f81746b0040
iconn = <value optimized out>
modctx = 0x7f81746c6348
htp = 0x7f81747137a0
rc = IB_OK
tv = {tv_sec = 1308088340, tv_usec = 11110}
ec = <value optimized out>
#18 0x00007f81707cb807 in process_bucket (f=0x7f817470daf0, b=0x7f8174711b68) at mod_ironbee.c:225
c = 0x7f817470d370
icdata = {ib = 0x7f81746b0040, mp = 0x7f81746c60e8, conn = 0x7f81746c60f0, dalloc = 5, dlen = 5, data = 0x7f8173314e44 "0\r\n\r\n"}
bdata = 0x0
nbytes = 5
rc = <value optimized out>
#19 0x00007f81707cb8ab in ironbee_output_filter (f=0x7f817470daf0, bb=0x7f817471ec20) at mod_ironbee.c:709
b = 0x7f8174711b68
#20 0x00007f8173306e14 in ap_http_chunk_filter (f=, b=0x7f817471ec20) at /build/buildd/apache2-2.2.14/modules/http/chunk_filter.c:189
bytes = 140193981125384
eos = 0x7f8174711ac8
flush = 0x7f816eba3700
chunk_hdr = " \000\000\000\000\000\000\000\210\322qt\201\177\000\000H\353qt"
c = 0x7f817470d370
more = 0x0
e = 0x7f8174711ac8
rv = <value optimized out>
#21 0x00007f81732e7ae0 in ap_content_length_filter (f=0x7f817471e768, b=0x7f817471ec20) at /build/buildd/apache2-2.2.14/server/protocol.c:1335
r = 0x7f817471d308
ctx = 0x7f817471e9e8
e = 0x1
eblock = 4294967295
#22 0x00007f8173304560 in ap_process_request (r=0x7f817471d308) at /build/buildd/apache2-2.2.14/modules/http/http_request.c:292
access_status = 0
#23 0x00007f8173301498 in ap_process_http_connection (c=0x7f817470d370) at /build/buildd/apache2-2.2.14/modules/http/http_core.c:190
---Type to continue, or q to quit---
r = 0x7f817471d308
csd = 0x0
#24 0x00007f81732faf38 in ap_run_process_connection (c=0x7f817470d370) at /build/buildd/apache2-2.2.14/server/connection.c:43
n = 0
rv = 0
#25 0x00007f8173309e82 in process_socket (thd=, dummy=) at /build/buildd/apache2-2.2.14/server/mpm/worker/worker.c:544
current_conn = <value optimized out>
conn_id = <value optimized out>
csd = 11
sbh = 0x7f817470d368
#26 worker_thread (thd=, dummy=) at /build/buildd/apache2-2.2.14/server/mpm/worker/worker.c:894
process_slot = 0
thread_slot = 0
csd = 0x7f817470d158
bucket_alloc = <value optimized out>
last_ptrans = <value optimized out>
ptrans = 0x7f817470d0d8
rv = <value optimized out>
is_idle = <value optimized out>
#27 0x00007f8172a2feb3 in ?? () from /usr/lib/libapr-1.so.0
No symbol table info available.
#28 0x00007f81727ef9ca in start_thread (arg=) at pthread_create.c:300
__res = <value optimized out>
pd = 0x7f816eba3700
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140193885206272, 8331452854070113607, 0, 0, 0, 0, -8314320773401316025, -8314312558771079865}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
freesize = <value optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#29 0x00007f817254c70d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#30 0x0000000000000000 in ?? ()
No symbol table info available.
With the latest commit ee9db65 we no longer log an error when a non-existent module is loaded. If we revert back to commit 6173ed7 we see the expected behavior.
2011-11-28 10:55:47,022 - root - ERROR - failed to find match of (?sm)^.+\[error\]\sIronBee\:\s\[\d+\]\sERROR\s\-\sFailed\sto\sload\smodule\s\"Abel\.so\" in buffer [Mon Nov 28 10:55:44 2011] [info] mod_unique_id: using ip addr 127.0.1.1
[Mon Nov 28 10:55:45 2011] [info] mod_ironbee IronBee/0.3.0 (ABI 201110300) loading.
[Mon Nov 28 10:55:45 2011] [info] mod_unique_id: using ip addr 127.0.1.1
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(868): IronBee: Parsing config: /home/coz/ironbee-qa/apache_httpd_server_root/conf/ironbee.conf
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] PCRE Status: compiled="7.8 2008-09-05" loaded="7.8 2008-09-05"
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] AC Status: compiled="0.1 20110812" Radix Matcher registered
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] AC Status: compiled="0.1 AC_DATE" BinRadix Matcher registered
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] AC Status: compiled="0.1 20110812" AC Matcher registered
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] LuaFFI - example.onModuleLoad ib=0x7f167cbaf9d0
[Mon Nov 28 10:55:46 2011] [emerg] IronBee: [18902] LuaFFI - TestLogLevel 0 debuglog.onModuleLoad ib=0x7f167cbaf9d0
[Mon Nov 28 10:55:46 2011] [alert] IronBee: [18902] LuaFFI - TestLogLevel 1 debuglog.onModuleLoad ib=0x7f167cbaf9d0
[Mon Nov 28 10:55:46 2011] [error] IronBee: [18902] LuaFFI - TestLogLevel 2 debuglog.onModuleLoad ib=0x7f167cbaf9d0
[Mon Nov 28 10:55:46 2011] [warn] IronBee: [18902] LuaFFI - TestLogLevel 3 debuglog.onModuleLoad ib=0x7f167cbaf9d0
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] LuaFFI - TestLogLevel 4 debuglog.onModuleLoad ib=0x7f167cbaf9d0
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] AUDITLOG PARTS: 0x000002ef
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] Creating list for phase=1
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] List for phase=1 list=0x7f167cbc7490
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] POCSIG: "request_line" "bar" "TESTING: Matched bar in request line." phase=1 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] Creating list for phase=1
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] List for phase=1 list=0x7f167cbc7559
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] POCACSIG: "request_line" "(bar)+" "TESTING: Matched foo and (bar)+ in request line." phase=1 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] pattern foo added to the AC tree 7cbc7650
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(173): IronBee: [18902] AUDITLOG PARTS: 0x000006ef
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(872): IronBee: Destroying config parser
[Mon Nov 28 10:55:46 2011] [notice] mod_ironbee IronBee/0.3.0 (ABI 201110300) configured.
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=18903
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 18903 for worker proxy:reverse
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 18903 for (*)
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=18904
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 18904 for worker proxy:reverse
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 18904 for (*)
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=18905
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 18905 for worker proxy:reverse
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 18905 for (*)
[Mon Nov 28 10:55:46 2011] [notice] Apache/2.2.14 (Ubuntu) configured -- resuming normal operations
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=18906
[Mon Nov 28 10:55:46 2011] [info] Server built: Nov 3 2011 03:29:23
[Mon Nov 28 10:55:46 2011] [debug] prefork.c(1013): AcceptMutex: sysvsem (default: sysvsem)
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 18906 for worker proxy:reverse
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 18906 for (*)
[Mon Nov 28 10:55:46 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=18907
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 18907 for worker proxy:reverse
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Mon Nov 28 10:55:46 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 18907 for (*)
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(327): IronBee: ironbee_pre_connection remote=127.0.0.1:37868 local=127.0.0.1:9931
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventConnStarted ib=0x7f167cbaf9d0 conn=0x7f167cbdf480
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventConnOpened ib=0x7f167cbaf9d0 conn=0x7f167cbdf480
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleContextConn ib=0x7f167cbaf9d0 conn=0x7f167cbdf480
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Created PCRE matcher=0x7f167cbe97c8
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Created radix matcher=0x7f167cbe97f5
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Created ac matcher=0x7f167cbe9823
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleConnect ib=0x7f167cbaf9d0 conn=0x7f167cbdf480
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(602): FETCH BRIGADE (buffering)
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventConnDataIn: GET / HTTP/1.1\r\nHost: foo\r\n\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxStarted ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventRequestStarted ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataIn[2]: GET / HTTP/1.1\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataIn[3]: Host: foo\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataIn[3]: \r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] Adding request_headers fields
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventRequestHeaders ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleContextTx ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] No signatures for phase=0 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleRequestHeaders ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Request line is a field type: 4
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Request Line cvalue: 0x7f167cbeedbd
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - REQUEST_LINE=GET / HTTP/1.1
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Lower case request line is a field type: 4
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Lower case Request Line value: get / http/1.1
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Request Line value: GET / HTTP/1.1
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Request Headers is a field type: 5
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - REQUEST_HEADERS.Host=foo
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - HTTP Host Header is a field type: 4
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - HTTP REQUEST_HEADERS.HOST=foo
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Request cookies is a field type: 5
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Request ARGS is a field type: 5
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - Request Line does not match: (?i:foo)
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] Executing 1 signatures for phase=1 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] PocSig: Matching "bar" against field "request_line"
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] PocSig NOMATCH
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] Matching AGAINST AC tree 7cbc7650
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventRequestBody ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleRequest ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] No signatures for phase=2 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:47 2011] [error] [client 127.0.0.1] Attempt to serve directory: /home/coz/ironbee-qa/apache_httpd_server_root/htdocs/
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventConnDataOut: HTTP/1.1 404 Not Found\r\nDate: Mon, 28 Nov 2011 16:55:47 GMT\r\nServer: Apache/2.2.14 (Ubuntu)\r\nContent-Length: 198\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventResponseStarted ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataOut[type=2]: HTTP/1.1 404 Not Found
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataOut[type=3]: Date: Mon, 28 Nov 2011 16:55:47 GMT\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataOut[type=3]: Server: Apache/2.2.14 (Ubuntu)\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataOut[type=3]: Content-Length: 198\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataOut[type=3]: Content-Type: text/html; charset=iso-8859-1\r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataOut[type=3]: \r\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventResponseHeaders ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleResponseHeaders ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] No signatures for phase=3 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventConnDataOut: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL / was not found on this server.</p>\n</body></html>\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxDataOut[type=4]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p>The requested URL / was not found on this server.</p>\n</body></html>\n
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventResponseBody ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleResponse ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] No signatures for phase=4 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventResponseFinished ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [warn] IronBee: [18903] AUDITLOG INDEX: /home/coz/ironbee-qa/apache_httpd_server_root/logs/audit/auditlog.log
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] AUDITLOG: /home/coz/ironbee-qa/apache_httpd_server_root/logs/audit/20111128-1655/4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c.log
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] ERROR - No events in audit log
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandlePostprocess ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] No signatures for phase=5 ctx=0x7f167cbcab70
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventTxFinished ib=0x7f167cbaf9d0 tx=4ed3bd13-19e2-4f52-8fff-49d7bb6a8e3c
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(602): FETCH BRIGADE (buffering)
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=18908
[Mon Nov 28 10:55:47 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 18908 for worker proxy:reverse
[Mon Nov 28 10:55:47 2011] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Mon Nov 28 10:55:47 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 18908 for (*)
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(602): FETCH BRIGADE (buffering)
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(633): IronBee: ironbee_in client closed connection (70014)
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventConnClosed ib=0x7f167cbaf9d0 conn=0x7f167cbdf480
[Mon Nov 28 10:55:47 2011] [debug] mod_ironbee.c(173): IronBee: [18903] LuaFFI - example.onEventHandleDisconnect ib=0x7f167cbaf9d0 conn=0x7f167cbdf480
2011-11-28 10:55:49,036 - root - ERROR - apache process with pid of 18902 no longer running
====================IronBee Test Results====================
test20:Test of LoadModule Nonexistent [ fail ]:failed to match (?sm)^.+\[error\]\sIronBee\:\s\[\d+\]\sERROR\s\-\sFailed\sto\sload\smodule\s\"Abel\.so\":re needed by test apache_httpd_server_root/logs/error.log in file test20
==========================Summary===========================
Pass 0
Fail 1
make distclean
git checkout -b 6173ed7b4c8021d35d50a0418406947f8df7d96b 6173ed7b4c8021d35d50a0418406947f8df7d96b
./autogen.sh
./configure --with-gcc-optimization-level=0 --with-ats-includes=/usr/local/trafficserver/include/ --enable-cli
make -j8
make check -j8
sudo make install
coz@coz-desktop:~/ironbee-qa (master)$ ./ironbee_test.py --console-log-level="error" --file-glob="tests/*.json" --file-format="ironbee_test_file" --ironbee-test-regex="test20"
WARNING: No route found for IPv6 destination :: (no default route?)
====================IronBee Test Results====================
test20:Test of LoadModule Nonexistent [ pass ]
==========================Summary===========================
Pass 1
Fail 0
Apache error log shows the following messages:
ironbee: [30062] Failed to exec lua wrapper for "simple.onModuleLoad": /usr/local/ironbee/lib//ironbee-ffi.lua:1022: bad argument #4 to 'ib_log_ex' (cannot convert 'string' to 'int') (2)
The line 1022 looks as follows:
1022 c.ib_log_ex(ib.cvalue(), 7, nil, "LuaFFI - ",
1023 dinfo.source, dinfo.linedefined, fmt, ...
but the prototype for ib_log_ex is as follows (the same file, line 868:
void ib_log_ex(ib_engine_t *ib,
ib_log_level_t level,
const char *file,
int line,
const char *fmt,
...);
Commenting out parameters 3 and 4 in the calls to ib_log_ex throughout the file seem to fix the issue, but I'm not completely sure.
Hi guys,
I hoping after this the code settles down.
My CI system wasn't configured correctly and I missed a regression in detecting "small SQLi" in the form of "1--" or "123144/*"
fixed in version 1.2.0 tag, v1.2.0
My apologies for multiple pull requests. ping me if you need help.
nickg
./ironbee_test.py --local-apache --file-glob="req-failure-127.0.0.1-9931-1307383267.01" --file-format="raw"
GET /_source.xls HTTP/1.1
Host: 192.168.2.6
Accept: /
Accept-Language: en,en-US;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; SF/1.29b)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Range: bytes=0-199999
Referer: http://192.168.2.6/
Cookie: JSESSIONID=EF5CC8B75E56DCC0F73FAC473AD8F568
GET /_source.ws HTTP/1.1
Host: 192.168.2.6
Accept: /
Accept-Language: en,en-US;q=0.5
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; SF/1.29b)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Range: bytes=0-199999
Referer: http://192.168.2.6/
Cookie: JSESSIONID=EF5CC8B75E56DCC0F73FAC473AD8F568
[Mon Jun 06 13:11:44 2011] [notice] child pid 18333 exit signal Segmentation fault (11), possible coredump in /home/coz/workspace2/waf-qa/server_root/tmp
[Mon Jun 06 13:11:45 2011] [debug] mod_ironbee.c(270): IronBee: Child exit pid=18416
[Mon Jun 06 13:11:45 2011] [debug] mod_ironbee.c(270): IronBee: Child exit pid=18334
[Mon Jun 06 13:11:45 2011] [debug] mod_ironbee.c(270): IronBee: Child exit pid=18332
BT
#0 modhtp_htp_response_line (connp=) at htp.c:505
modctx = <value optimized out>
tx = 0x7f15951d2c90
ib = 0x7f159515a040
itxdata = {ib = 0x7f159515a040, mp = 0x7f15951db875,
tx = 0x7f15951d3880, dtype = IB_DTYPE_HTTP_LINE, dalloc = 13,
dlen = 139730613797763, data = 0xd <Address 0xd out of bounds>}
itx = <value optimized out>
#1 0x00007f1591998853 in hook_run_all (hook=0x7f15951c6c20,
data=0x7f15951bd6f0) at hooks.c:144
No locals.
#2 0x00007f15919a1788 in htp_connp_RES_LINE (connp=0x7f15951bd6f0)
at htp_response.c:671
chomp_result = 2
rc = <value optimized out>
#3 0x00007f15919a0d19 in htp_connp_res_data (connp=0x7f15951bd6f0,
timestamp=0xfffffffffffffffe, data=0x0, len=1106557264)
at htp_response.c:872
rc = 0
#4 0x00007f15909ec1fb in modhtp_iface_data_out (pi=,
qcdata=0x7f158fb669f0) at htp.c:919
ib = 0x7f159515a040
iconn = <value optimized out>
modctx = 0x7f1595170348
htp = 0x7f15951bd6f0
rc = IB_OK
tv = {tv_sec = 1307383903, tv_usec = 13912}
ec = <value optimized out>
#5 0x00007f159178e807 in process_bucket (f=0x7f15951b7a60, b=0x7f15951bb718)
at mod_ironbee.c:225
c = 0x7f15951b72e0
icdata = {ib = 0x7f159515a040, mp = 0x7f15951700e8,
conn = 0x7f15951700f0, dalloc = 217, dlen = 217,
data = 0x7f15951d9848 "HTTP/1.1 404 Not Found\r\nDate: Mon, 06 Jun 2011 18:11:43 GMT\r\nServer: Apache/2.2.14 (Ubuntu)\r\nContent-Length: 209\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; chars"...}
bdata = 0x0
nbytes = 217
rc = <value optimized out>
#6 0x00007f159178e8ab in ironbee_output_filter (f=0x7f15951b7a60,
bb=0x7f15951d5d20) at mod_ironbee.c:709
b = 0x7f15951bb718
#7 0x00007f15942c8720 in ap_http_header_filter (f=0x7f15951c86e0,
Hi Team,
I was successfully able to configure ironbee but while running make command I am getting a exception that it is not able to find libraries though they are present.
/usr/bin/ld: cannot find -lboost_program_options.so
I am using boost 1.56 version.
I have a crash which I've traced to modhtp_htp_request_headers:
(1) /* Update the hostname. */
if (tx->parsed_uri != NULL) {
itx->hostname = (const char *)bstr_util_strdup_to_c(tx->parsed_uri->hostname);
}
I have a case where tx->parsed_uri is non-null but fields are unset, with tx->parsed_uri being an empty string (this looks like a bug elsewhere, but I haven't figured out where parsed_uri is set). The above code then sets itx->hostname to NULL.
This NULL string is then dereferenced in ib_state_notify_request_headers, with at the top of the backtrace:
#0 __strlen_sse2 () at ../sysdeps/i386/i686/multiarch/strlen.S:99
#1 0x00744d4f in ib_context_siteloc_chooser (ctx=0xb2bb0748,
type=IB_CTYPE_TX, ctxdata=0x8981fe8, cbdata=0xb2b8f1e8) at engine.c:2049
#2 0x00741402 in _ib_context_get (ib=0xb2b8af80, type=IB_CTYPE_TX,
data=0x8981fe8, pctx=0x8981ff8) at engine.c:98
#3 0x00743393 in ib_state_notify_request_headers (ib=0xb2b8af80, tx=0x8981fe8)
at engine.c:1200
#4 0x007c9e2f in modhtp_htp_request_headers (connp=0x896c950) at htp.c:347
# grep ironbee /usr/local/nginx/conf/nginx.conf
ironbee_config_file /usr/local/ironbee/etc/ironbee/ironbee.conf;
ironbee_logger "On";
ironbee_loglevel 4;
# cat /usr/local/ironbee/etc/ironbee/ironbee.conf
### Logging
# Log level (standard syslog levels with additional debug2 and debug3)
LogLevel debug3
# The log is really only valid for clipp as the servers
# will utilize their own native logging facilities.
Log debug.log
### Sensor Info
SensorId 80ECD8CF-318C-4915-A8C2-B3AAE315FB0C
### Load Modules
# Standard support modules
LoadModule "ibmod_persistence_framework.so"
LoadModule "ibmod_htp.so"
LoadModule "ibmod_pcre.so"
LoadModule "ibmod_init_collection.so"
# IronBee Rule Language
LoadModule "ibmod_rules.so"
### Auditing
AuditEngine RelevantOnly
AuditLogIndex None
AuditLogBaseDir /tmp/ironbee
AuditLogSubDirFormat "%Y%m%d-%H%M"
AuditLogDirMode 0755
AuditLogFileMode 0644
AuditLogParts all
### Buffering
RequestBuffering On
ResponseBuffering On
### Rule Diagnostics Logging
RuleEngineLogData all
RuleEngineLogLevel info
# ===============================================================================
# Rules
# ===============================================================================
# ===============================================================================
### Test Rules
# This rule will block if a "blockme" parameter (with any value) is in the request
Rule ARGS:blockme.count() @ne 0 id:test/blockme rev:1 phase:REQUEST "msg:Test blocking" tag:TestRules event block
### Default Blocking Rules
# These rule detect any advisory blocks and perform the
# actual block.
Rule FLAGS:block @ne 0 id:block/request_header rev:1 phase:REQUEST_HEADER "msg:Blocking request header" tag:BlockingMode block:phase
Rule FLAGS:block @ne 0 id:block/request rev:1 phase:REQUEST "msg:Blocking request" tag:BlockingMode block:phase
Rule FLAGS:block @ne 0 id:block/response_header rev:1 phase:RESPONSE_HEADER "msg:Blocking response header" tag:BlockingMode block:phase
# ===============================================================================
# ===============================================================================
### Sites
# Default
<Site default>
SiteId 0CA1665C-F27F-4763-A3E0-A31A00477497
Service *:*
Hostname *
# Enable rules from the main context
RuleEnable tag:TestRules
RuleEnable tag:BlockingMode
</Site>
# /etc/init.d/nginx restart
[....] nginx: restartingnginx: [emerg] unknown directive "ironbee_loglevel" in /usr/local/nginx/conf/nginx.conf:12
./iblici --request-file 1 --response-file 2 --config ironbee.conf
$ hexdump -C 1
00000000 48 45 41 44 20 2f 20 48 54 54 50 2f 31 2e 31 0a |HEAD / HTTP/1.1.|
00000010 48 6f 73 74 3a 20 78 78 78 2e 63 6f 6d 0a 0a 0a |Host: xxx.com...|
00000020
$ hexdump -C 2
00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0a |HTTP/1.1 200 OK.|
00000010 53 65 72 76 65 72 3a 20 78 78 78 78 0a 0a 74 65 |Server: xxxx..te|
00000020 73 74 0a |st.|
00000023
2012-12-13T01:52:17.9648+0400 INFO - ( htp_response.c:729 ) [16723] LibHTP Invalid response line
ibcli1: data.c:601: ib_data_get_ex: Assertion `dpi != ((void *)0)' failed.
Program received signal SIGABRT, Aborted.
0x00007ffff6b4f475 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff6b4f475 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff6b526f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff6b48621 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff793af92 in ib_data_get_ex (dpi=0x0, name=name@entry=0x7ffff2d4035d "HTP_RESPONSE_FLAGS", name_len=,
pf=pf@entry=0x7fffffffdf78) at data.c:601
#4 0x00007ffff2d3dcae in modhtp_add_flag_to_collection (itx=itx@entry=0x75b4a0,
collection_name=collection_name@entry=0x7ffff2d4035d "HTP_RESPONSE_FLAGS", flag=flag@entry=0x7ffff2d40338 "STATUS_LINE_INVALID") at modhtp.c:236
#5 0x00007ffff2d3dee8 in modhtp_set_parser_flag (itx=itx@entry=0x75b4a0, collection_name=collection_name@entry=0x7ffff2d4035d "HTP_RESPONSE_FLAGS",
flags=0) at modhtp.c:363
#6 0x00007ffff2d3e54f in modhtp_htp_response_body_data (txdata=0x7fffffffe050) at modhtp.c:964
#7 0x00007ffff74f4bc2 in hook_run_all (hook=0x4153, user_data=0x7fffffffe050) at hooks.c:131
#8 0x00007ffff74fac19 in htp_res_run_hook_body_data (connp=connp@entry=0x6cd990, d=d@entry=0x7fffffffe050) at htp_util.c:2295
#9 0x00007ffff74fdc87 in htp_connp_RES_LINE (connp=0x6cd990) at htp_response.c:749
#10 0x00007ffff74fe9d9 in htp_connp_res_data (connp=connp@entry=0x6cd990, timestamp=timestamp@entry=0x7fffffffe0d0, data=,
len=<optimized out>) at htp_response.c:976
#11 0x00007ffff2d3d0c5 in modhtp_iface_data_out (pi=, qcdata=0x7fffffffe1e0) at modhtp.c:1618
#12 0x0000000000405159 in send_file (ib=ib@entry=0x6295b0, icdata=icdata@entry=0x7fffffffe1e0, buf=buf@entry=0x74b270, fp=fp@entry=0x643120,
direction=direction@entry=DATA_OUT, bufsize=65536) at ibcli.c:2171
#13 0x0000000000403314 in run_transaction (rsp_file=, req_file=, trans_num=1, buf=0x74b270, conn=,
ib=0x6295b0, bufsize=<optimized out>) at ibcli.c:2256
#14 run_connection (ib=0x6295b0) at ibcli.c:2325
#15 main (argc=, argv=) at ibcli.c:2485
according with https://github.com/ironbee/ironbee/blob/master/docs/reference-manual/ch-installation-guide.adoc I could compile without any error but actually this is what I get:
and I can't continue.
htp_connp_t is allocating and failing to free request_line_raw field of connp->in_tx
==1888== at 0x4C26FDE: malloc (vg_replace_malloc.c:236)
==1888== by 0xE62595C: bstr_alloc (bstr.c:33)
==1888== by 0xE625A50: bstr_dup_mem (bstr.c:222)
==1888== by 0xE62D47D: htp_connp_REQ_LINE (htp_request.c:652)
==1888== by 0xE62CE08: htp_connp_req_data (htp_request.c:948)
==1888== by 0xF66C32A: modhtp_iface_data_in (htp.c:918)
Getting the below error after successfully configuring the ironbee.
I've been trying to write a sample IronBee lua module, using modules/example.lua as a getting started guide.
Unfortunately it is apparently out of sync with the code of lua module:
modules/lua.c, lines 295 throught 377, list all supported event handlers you can use from a lua module.
Some of the the event handlers set up in lua/example.lua are not in that list, e.g. TxDataIn and TxDataOut. That is why the sample fails to load (excerpt from the log on load):
ironbee: [29897] No more chunk parts to read: EINVAL
ironbee: [29897] Unhandled event TxDataIn
ironbee: [29897] Failed to register lua event handler "onEventTxDataIn": EINVAL
ironbee: [29897] No more chunk parts to read: EINVAL
ironbee: [29897] Unhandled event TxDataIn
ironbee: [29897] Failed to register lua event handler "onEventTxDataIn": EINVAL
I get a response time-out waiting for this request... (\r\n after method and uri..) If I comment out the IronBee config in the apache conf the request is treated as an HTTP/0.9 request, and the response body is returned without headers.
GET /index.html
HTTP/1.1
Host: boo
Content-Length: 9
123456789
Hi there,
I've been experimenting with ironbee ("master" branch) and nginx/1.7.0, and I'm facing the issue when ironbee logs output directly in client's socket:
$ curl -i http://localhost:8080/
2014/05/22 13:55:23 [notice] 29788#0: ironbee: 22052014.13h55m23s NOTICE - *s
2014/05/22 13:55:23 [notice] 29788#0: ironbee: 22052014.13h55m23s NOTICE - *s
HTTP/1.1 403 Forbidden
Server: nginx/1.7.0
Date: Thu, 22 May 2014 13:55:23 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.7.0</center>
</body>
</html>
nginx has fd=2 and fd=4 associated with error.log:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 29836 defan 2w REG 8,1 138531 421980 /tmp/nginx-test-_iDXSiYqAY/error.log
nginx 29836 defan 4w REG 8,1 138531 421980 /tmp/nginx-test-_iDXSiYqAY/error.log
but ironbee is logging to fd=3 also:
accept4(7, {sa_family=AF_INET, sin_port=htons(46825), sin_addr=inet_addr("127.0.0.1")}, [16], SOCK_NONBLOCK) = 3
recvfrom(3, "GET / HTTP/1.1\r\nUser-Agent: curl/7.35.0\r\nHost: localhost:8080\r\nAccept: */*\r\n\r\n", 1024, 0, NULL, NULL) = 78
write(2, "22052014.14h10m07s NOTICE - No site selection list: Using main context\n", 75) = 75
write(3, "2014/05/22 14:10:07 [notice] 29898#0: ironbee: 22052014.14h10m07s NOTICE - *s\n", 82) = 82
write(2, "22052014.14h10m07s NOTICE - No site selection list: Using main context\n", 75) = 75
write(3, "2014/05/22 14:10:07 [notice] 29898#0: ironbee: 22052014.14h10m07s NOTICE - *s\n", 82) = 82
I spend some time trying to understand the logic of ironbee's loggers/writers, but still have no luck.
Basically, nginx dup2()'s standard STDERR to left it to the any 3rd-party software that may use it, but ironbee is doing something strange here. :)
nginx configure arguments:
nginx version: nginx/1.7.0
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-debug --add-module=/home/defan/git/ironbee/servers/nginx --prefix=/home/defan/local
Please let me know if you'll need any more information/assistance to proceed with this issue.
Thanks!
In file included from /usr/include/htp/htp.h:39:0,
from modhtp.c:52:
/usr/include/htp/hooks.h:38:5: warning: function declaration isn't a prototype [-Wstrict-prototypes]
/usr/include/htp/hooks.h:41:2: warning: function declaration isn't a prototype [-Wstrict-prototypes]
/usr/include/htp/hooks.h:45:1: warning: function declaration isn't a prototype [-Wstrict-prototypes]
In file included from modhtp.c:52:0:
/usr/include/htp/htp.h:965:1: warning: function declaration isn't a prototype [-Wstrict-prototypes]
/usr/include/htp/htp.h:968:1: warning: function declaration isn't a prototype [-Wstrict-prototypes]
In file included from modhtp.c:52:0:
/usr/include/htp/htp.h:1017:1: warning: function declaration isn't a prototype [-Wstrict-prototypes]
modhtp.c: In function 'modhtp_set_parser_flag':
modhtp.c:370:17: error: 'HTP_STATUS_LINE_INVALID' undeclared (first use in this function)
modhtp.c:370:17: note: each undeclared identifier is reported only once for each function it appears in
modhtp.c: In function 'modhtp_htp_request_line':
modhtp.c:475:9: warning: implicit declaration of function 'bstr_util_strdup_to_c' [-Wimplicit-function-declaration]
modhtp.c:475:9: warning: nested extern declaration of 'bstr_util_strdup_to_c' [-Wnested-externs]
modhtp.c:475:19: warning: assignment makes pointer from integer without a cast [enabled by default]
modhtp.c:491:23: warning: assignment makes pointer from integer without a cast [enabled by default]
modhtp.c: In function 'modhtp_htp_request_headers':
modhtp.c:585:23: warning: assignment makes pointer from integer without a cast [enabled by default]
modhtp.c: In function 'modhtp_htp_response_line':
modhtp.c:879:25: error: 'HTP_STATUS_LINE_INVALID' undeclared (first use in this function)
modhtp.c: In function 'modhtp_iface_init':
On Ubuntu 14.04 LTS, I'm getting errors while executing the make command such as:
/usr/bin/ld: cannot find -lboost_regexyes
collect2: error: ld returned 1 exit status
Makefile:1257: recipe for target test_util_log failed
Makefile:2009: recipe for target 'check-am' failed
Makefile:1453: recipe for target 'check-recursive' failed
Makefile:1093: recipe for target 'check-recursive' failed
Makefile:760: recipe for target 'check-recursive' failed
The user manual states that the DebugLogLevel default is 3 but it is actually 4.
[Wed May 18 17:46:43 2011] [emerg] IronBee: LuaFFI - TestLogLevel 0 debuglog.onModuleLoad ib=0x7f5d6dd0f040
[Wed May 18 17:46:43 2011] [alert] IronBee: LuaFFI - TestLogLevel 1 debuglog.onModuleLoad ib=0x7f5d6dd0f040
[Wed May 18 17:46:43 2011] [error] IronBee: LuaFFI - TestLogLevel 2 debuglog.onModuleLoad ib=0x7f5d6dd0f040
[Wed May 18 17:46:43 2011] [warn] IronBee: LuaFFI - TestLogLevel 3 debuglog.onModuleLoad ib=0x7f5d6dd0f040
[Wed May 18 17:46:43 2011] [debug] debuglog.lua(46): IronBee: LuaFFI - TestLogLevel 4 debuglog.onModuleLoad ib=0x7f5d6dd0f040
engine/logger.c
@@ -196,7 +196,7 @@ ib_status_t DLL_PUBLIC ib_logevent_create(ib_logevent_t **ple,
va_start(ap, fmt);
r = vsnprintf(buf, IB_LEVENT_MSG_BUF_SIZE, fmt, ap);
if (r >= IB_LEVENT_MSG_BUF_SIZE) {
memcpy(buf + (IB_LEVENT_MSG_BUF_SIZE - 3), "...", 3);
memcpy(buf + (IB_LEVENT_MSG_BUF_SIZE - 4), "...", 3);
[Wed Nov 02 15:18:42 2011] [alert] IronBee: [3903] ERROR - Failed to exec lua wrapper for "example.onEventHandleRequestHeaders" - string length overflow (2)
Wed Nov 02 15:18:41 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=3906
[Wed Nov 02 15:18:41 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 3906 for worker proxy:reverse
[Wed Nov 02 15:18:41 2011] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Wed Nov 02 15:18:41 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 3906 for (*)
[Wed Nov 02 15:18:41 2011] [debug] mod_ironbee.c(292): IronBee: Child init pid=3907
[Wed Nov 02 15:18:41 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 3907 for worker proxy:reverse
[Wed Nov 02 15:18:41 2011] [debug] proxy_util.c(1825): proxy: worker proxy:reverse already initialized
[Wed Nov 02 15:18:41 2011] [debug] proxy_util.c(1922): proxy: initialized single connection worker 0 in child 3907 for (*)
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(327): IronBee: ironbee_pre_connection remote=127.0.0.1:55530 local=127.0.0.1:9931
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventConnStarted ib=0x7f12b179fa30 conn=0x7f12b17cf4d0
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventConnOpened ib=0x7f12b179fa30 conn=0x7f12b17cf4d0
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventHandleContextConn ib=0x7f12b179fa30 conn=0x7f12b17cf4d0
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - Created PCRE matcher=0x7f12b17d9818
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - Created radix matcher=0x7f12b17d9845
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - Created ac matcher=0x7f12b17d9873
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventHandleConnect ib=0x7f12b179fa30 conn=0x7f12b17cf4d0
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(602): FETCH BRIGADE (buffering)
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventConnDataIn: GET / HTTP/1.1\r\nHost: foo\r\n\r\n
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventTxStarted ib=0x7f12b179fa30 tx=4eb1a5a2-1afa-4090-8fff-0f3f1918ffe8
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventRequestStarted ib=0x7f12b179fa30 tx=4eb1a5a2-1afa-4090-8fff-0f3f1918ffe8
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventTxDataIn[2]: GET / HTTP/1.1\r\n
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventTxDataIn[3]: Host: foo\r\n
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventTxDataIn[3]: \r\n
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] Adding request_headers fields
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventRequestHeaders ib=0x7f12b179fa30 tx=4eb1a5a2-1afa-4090-8fff-0f3f1918ffe8
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventHandleContextTx ib=0x7f12b179fa30 tx=4eb1a5a2-1afa-4090-8fff-0f3f1918ffe8
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] No signatures for phase=0 ctx=0x7f12b17babc0
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - example.onEventHandleRequestHeaders ib=0x7f12b179fa30 tx=4eb1a5a2-1afa-4090-8fff-0f3f1918ffe8
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - Request line is a field type: 4
[Wed Nov 02 15:18:42 2011] [debug] mod_ironbee.c(173): IronBee: [3903] LuaFFI - Request Line cvalue: 0x7f12b17dee0d
[Wed Nov 02 15:18:42 2011] [alert] IronBee: [3903] ERROR - Failed to exec lua wrapper for "example.onEventHandleRequestHeaders" - string length overflow (2)
[Wed Nov 02 15:18:42 2011] [warn] IronBee: [3903] ERROR - Error executing lua handler
--disable-gcc-warn-format-literal is broken
I got error as following : error loading module 'rex_pcre' from file '/usr/local/lib/lua/5.1/rex_pcre.so'. I have installed pcre for lua. is there anyone to help me?
The patch should be self-explanatory:
commit 6df2f698fad66f4beab7e4a85374b6b2abe4c37b
Author: George Noseevich <[email protected]>
Date: Sat Dec 8 18:46:59 2012 +0400
Fixes sample config for running as apache module
The log handler changed to ironbee-httpd
diff --git a/etc/ironbee-httpd.conf.example b/etc/ironbee-httpd.conf.example
index 6d1cab0..ffac6bd 100644
--- a/etc/ironbee-httpd.conf.example
+++ b/etc/ironbee-httpd.conf.example
@@ -1,7 +1,7 @@
### Logging
#Log /var/log/ironbee/debug.log
LogLevel 4
-LogHandler mod_ironbee
+LogHandler ironbee-httpd
### Sensor Info
# Sensor ID, must follow UUID format
There is a file descriptor leak in core.c: logger_api_vlogmsg.
Possible patch: https://gist.github.com/4258758
i attended to build nginx with ironbee module.
but i got errors as following:
[root@localhost ironbee-master]# make nginx
make[1]: Entering directory `/home/hyf/ironbee-master/servers/nginx'
cd nginx-1.3.10 \
&& NGINXIB_CONFIG_FILE=/home/hyf/ironbee-master/servers/nginx/config.nginx ./configure --with-debug \
--prefix=/usr/local/ironbee/nginx \
--with-cc-opt="-O0 -I/usr/local/ironbee/include -I." \
--with-ld-opt=" -lpcre -L/usr/local/ironbee/lib -lhtp -libutil -lironbee" \
--add-module=/home/hyf/ironbee-master/servers/nginx
checking for OS
+ Linux 2.6.18-308.el5 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 4.1.2 20080704 (Red Hat 4.1.2-52)
checking for gcc -pipe switch ... found
checking for --with-ld-opt=" -lpcre -L/usr/local/ironbee/lib -lhtp -libutil -lironbee" ... not found
./configure: error: the invalid value in --with-ld-opt=" -lpcre -L/usr/local/ironbee/lib -lhtp -libutil -lironbee"
make[1]: *** [nginx-1.3.10/Makefile] Error 1
make[1]: Leaving directory `/home/hyf/ironbee-master/servers/nginx'
make: *** [nginx] Error 2
it seems that libhtp.so libibutil.so or libironbee.so can not be found. But they indeed exist
[root@localhost nginx-1.3.10]# ll /usr/local/ironbee/lib/libhtp*
lrwxrwxrwx 1 root root 19 May 29 15:22 /usr/local/ironbee/lib/libhtp-0.5.so.1 -> libhtp-0.5.so.1.0.2
-rwxr-xr-x 1 root root 479333 May 29 15:22 /usr/local/ironbee/lib/libhtp-0.5.so.1.0.2
-rw-r--r-- 1 root root 1014226 May 29 15:22 /usr/local/ironbee/lib/libhtp.a
-rwxr-xr-x 1 root root 932 May 29 15:22 /usr/local/ironbee/lib/libhtp.la
lrwxrwxrwx 1 root root 19 May 29 15:22 /usr/local/ironbee/lib/libhtp.so -> libhtp-0.5.so.1.0.2
[root@localhost nginx-1.3.10]# ll /usr/local/ironbee/lib/libibutil*
lrwxrwxrwx 1 root root 22 May 29 15:22 /usr/local/ironbee/lib/libibutil-0.8.so.0 -> libibutil-0.8.so.0.0.8
-rwxr-xr-x 1 root root 492500 May 29 15:22 /usr/local/ironbee/lib/libibutil-0.8.so.0.0.8
-rw-r--r-- 1 root root 858796 May 29 15:22 /usr/local/ironbee/lib/libibutil.a
-rwxr-xr-x 1 root root 1049 May 29 15:22 /usr/local/ironbee/lib/libibutil.la
lrwxrwxrwx 1 root root 22 May 29 15:22 /usr/local/ironbee/lib/libibutil.so -> libibutil-0.8.so.0.0.8
[root@localhost nginx-1.3.10]# ll /usr/local/ironbee/lib/libironbee*
lrwxrwxrwx 1 root root 23 May 29 15:22 /usr/local/ironbee/lib/libironbee-0.8.so.0 -> libironbee-0.8.so.0.0.8
-rwxr-xr-x 1 root root 1179890 May 29 15:22 /usr/local/ironbee/lib/libironbee-0.8.so.0.0.8
-rw-r--r-- 1 root root 2157590 May 29 15:22 /usr/local/ironbee/lib/libironbee.a
-rwxr-xr-x 1 root root 1099 May 29 15:22 /usr/local/ironbee/lib/libironbee.la
lrwxrwxrwx 1 root root 23 May 29 15:22 /usr/local/ironbee/lib/libironbee.so -> libironbee-0.8.so.0.0.8
i deleted -lhtp -libutil -lironbee one by one and found it passed when -lironbee was deleted!
that's really wired.Is there anyone to help me?
I've been tooling with ironbee and nginx this morning, and one of the first things I noticed (and I've found no documentation either pointing out an error on my part or identifying this as a bug) is that if you run 'nginx -s reload' it causes all requests to fail with an empty response, you must fully stop and start nginx before it will return to normal operation.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.