Hello,
After last update rules, two servers with comodo waf and whm are too slow. Apache slow response and high load.
Everything back normal when I disable mod_security.
Could you help me to find where is the problem?
Thank you
Joao
Please, check modsec_audit.log and error.log.
I think there is an answer in these files and I can just exclude some rules.
Hello,
Thank you for reply.
I could see some errors in this file, but I don´t know what is the rule. This information isn´t in the log. Please, see bellow:
–a1f20733-H–
Message: collection_store: Failed to access DBM file “/var/cpanel/secdatadir/ip”: Resource deadlock avoided
Apache-Error: [file “apache2_util.c”] [line 271] [level 3] [client 172.68.26.71] ModSecurity: collection_store: Failed to access DBM file “/var/cpanel/secdatadir/ip”: Resource deadlock avoided [hostname “www.websitex.com”] [uri “/index.php”] [unique_id “WdVS1x397thV9E98riWNgQAAAQs”]
Stopwatch: 1507152599566292 4380799 (- - -)
Stopwatch2: 1507152599566292 4380799; combined=1336187, p1=801, p2=4656, p3=0, p4=0, p5=665449, sr=92, sw=665281, l=0, gc=0
Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: “ENABLED”
–a1f20733-Z–
Could you help me?
By the time, when I know what´s the rule is causing the problem, what´s the best way to disable it? I´m using comodo rules in cpanel vendors.
Thank you very much.
Best regards
Joao
Please, check this topic:
https://forums.comodo.com/free-modsecurity-rules-comodo-web-application-firewall/broken-update-t120671.0.html
We are sorry, please update to the new version of the rules: 1.141
See details here: