Author Topic: ModSecurity persistent IP database size alert  (Read 646 times)

Offline needsomehelp

  • Comodo Loves me
  • ****
  • Posts: 105
ModSecurity persistent IP database size alert
« on: December 29, 2017, 02:45:17 PM »
Hi just started having these emails every hour below never had them before ?

ModSecurity persistent IP database (/var/cpanel/secdatadir/ip.pag) size is 8.25GB

This requires further investigation otherwise it will start to affect server performance.

I tried the ones provided by cPanel and they don't do this at all.

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 370
Re: ModSecurity persistent IP database size alert
« Reply #1 on: January 02, 2018, 08:11:12 AM »
Hi just started having these emails every hour below never had them before ?

ModSecurity persistent IP database (/var/cpanel/secdatadir/ip.pag) size is 8.25GB

This requires further investigation otherwise it will start to affect server performance.

I tried the ones provided by cPanel and they don't do this at all.
Hello, yo can periodically clean this file manually to avoid performance issues.

Offline needsomehelp

  • Comodo Loves me
  • ****
  • Posts: 105
Re: ModSecurity persistent IP database size alert
« Reply #2 on: January 02, 2018, 08:53:09 AM »
Hello, yo can periodically clean this file manually to avoid performance issues.

I have to do this everyday but only on one server all the thers that use Comodo are fine ? so this one will problems i use cPanel for now.

When will a fix be out ?

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 370
Re: ModSecurity persistent IP database size alert
« Reply #3 on: January 02, 2018, 10:21:50 AM »
We know about this issue and it is in our TO DO plan.

Offline needsomehelp

  • Comodo Loves me
  • ****
  • Posts: 105
Re: ModSecurity persistent IP database size alert
« Reply #4 on: January 02, 2018, 10:38:21 AM »
We know about this issue and it is in our TO DO plan.

ok but why does it only do this on one server and not all of them ?

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 370
Re: ModSecurity persistent IP database size alert
« Reply #5 on: January 02, 2018, 11:52:53 AM »
Probably those servers have a different load and different content, because rules act in a different way depending on requests which are coming.

Offline needsomehelp

  • Comodo Loves me
  • ****
  • Posts: 105
Re: ModSecurity persistent IP database size alert
« Reply #6 on: February 12, 2018, 09:41:50 AM »
We know about this issue and it is in our TO DO plan.

Any update on thsi yet ?

Offline DiegoAD

  • Newbie
  • *
  • Posts: 5
Re: ModSecurity persistent IP database size alert
« Reply #7 on: February 20, 2018, 08:37:30 AM »
Same problema here. Any new?

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: ModSecurity persistent IP database size alert
« Reply #8 on: February 22, 2018, 06:42:00 AM »
You can try recipe from:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/ippag-size-t114755.0.html;msg830381#msg830381

SecCollectionTimeout 600
In file:
/usr/local/apache/conf/modsec2.conf

Offline DiegoAD

  • Newbie
  • *
  • Posts: 5
Re: ModSecurity persistent IP database size alert
« Reply #9 on: February 22, 2018, 07:45:16 AM »
Thanks SergeiP,

Question: Can I make the modification in /etc/apache2/conf.d/modsec/modsec2.user.conf ?

I need restart apache then?

Thanks

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: ModSecurity persistent IP database size alert
« Reply #10 on: February 22, 2018, 09:38:04 AM »
You should restart apache every time when you did configs modification.
What for do you need make the modification in /etc/apache2/conf.d/modsec/modsec2.user.conf?
Actually you can do changes in this file.

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek