Skip to content

apache graceful restart + Apache connector + rules = memory leak #82

New issue
New issue
Open
Open
apache graceful restart + Apache connector + rules = memory leak#82
@drmuey

Description

@drmuey
drmuey
opened on May 18, 2021
  1. Set up memory test script
    • create this script at the end of this post
    • Make sure/etc/systemd/system.conf has these settings:
      • DefaultMemoryAccounting=yes
      • DefaultStartLimitInterval=1s
      • systemctl daemon-reexec if you had to edit those (and hard restart apache for good measure, systemctl status httpd | grep Memory should not have output).
    1. install and configure apache connector (but do not configure any rules)
  3. run memory test script ➜ no leak
# ~/check_httpd_memory_usage.sh
Memory usage before 200 restarts:
   Memory: 67.4M
...
Memory usage after 200 restarts:
   Memory: 67.3M
#
  1. install and configure OWASP CRS
  2. run memory test script ➜ leak
# ~/check_httpd_memory_usage.sh
Memory usage before 200 restarts:
   Memory: 67.4M
...
Memory usage after 200 restarts:
   Memory: 1.3G
# ~/check_httpd_memory_usage.sh
  1. change script to do a hard restart (e.g. systemctl restart httpd) and the leak goes away
#!/bin/bash

set -e

NREQUESTS=200

# for good measure
systemctl stop httpd
systemctl start httpd

echo "Memory usage before $NREQUESTS restarts:"
systemctl status httpd | grep Memory

for ((i = 0 ; i < $NREQUESTS ; i++)); do
    echo -n "$i … "
    /usr/sbin/apachectl graceful
    sleep 2;
done

echo
echo "Memory usage after $NREQUESTS restarts:"
systemctl status httpd | grep Memory

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions