I have a customer on a shred server with a perl upload script (cgi-bin/upload.cgi, 755). After having installed mod_security with ASL Realtime some functionality stopped working. The files are still uploaded but the timer and "percentage uploaded" bar don't work anymore.

Strange thing is: mod_security is working fine generally, I keep having some Joomla and Typo3 issues but after whitelisting the rule numbers seen in the logs all sites worked perfectly. However, the perl issue does not leave any trace in the logs. I just noticed that when disabling mod_sec for the customer, the cgi script is working without any problems.

Any ideas how to solve the problem without disabling mod_sec completely for this user? Further info can be found in this forum where Sergio redeirected me to here.

We can definitely help you with that. In the future if you need support, just send an email to support AT atomicorp DOT com. Thats the fastest way to get help, the forums are not the fastest way to get help.

OK, so if modsecurity isnt logging anything then either:

1) The modsecurity rules aren't the cause, something else is causing this such as modsecurity being compiled incorrectly, the way its configured, some addon to modsecurity, etc.
2) There is a rule causing this, but modsecurity isnt configured correctly and isnt logging everything its doing
3) Something else is going on with apache that modsecurity is just amplifying, for example you may have a limit on the amount of memory apache can use and you are hitting that limit. When you disable modsecurity apache uses less memory and the script runs correctly (cpanel for example may limit apache memory footprint, and I have definitely seen memory issues cause all sorts of random problems before).

It looks like you have tried disabling modsecurity and you seem to see your script working when its disabled. So, modsecurity may have something to do with this. So, first can you confirm that you are using a modsecurity build provided by us? And if so, what version and how did you install it?

Second, can you confirm that your custom modsecurity setup is configured exactly as described on this webpage:

https://www.atomicorp.com/wiki/index.ph ... rity_Rules

I've definitely seen cpanel configurations that don't log things correctly, so if you are using the cpanel config don't assume its good to go - it usually isnt. Also, if you have other rules loaded they may be configured to not log (rules can be configured to notlog, our rules dont do that but some third party rules do).

Also, do you have any third party rules configured or any other addons that work with modsecurity, such as CSX? If do, disable any third party addons. Also, what version of modsecurity do you have installed?

And finally, do you see any errors in apaches logs or your servers logs that might indicate a memory issue, segfault, other error, etc.?

We use CPanel.

Since I'm not running the servers myself but renting them fully managed (I'm just responsable for first level support to my hosting customers) I asked the admins for the requested info. They said:

- Everything is installed "as mike says it is OK" except for CPanel
- No other rules loaded
- Addons in use:
>> ConfigServer eXploit Scanner - cxs v2.60
>> ConfigServer ModSecurity Control - cmc v1.02
>> ConfigServer Security & Firewall - csf v5.50

What happens when you disable those addons?

And have they setup any debugging in apache to see whats happening when this occurs?

Are there any memory limits on Apache that may getting exceeded when Apache is using more memory (modsecurity uses a lot of memory) and this script runs? I have definitely seen cpanel configurations with low memory limits on Apache that get exceeded when modsecurity is loaded and a memory intensive application is run.

Hi Mike, I do really appreciate your support but I'm afraid this will all take too much time for me and my server guys - so I will just take the risk and disable mod_security for the specific user which results in everything functioning properly.

Thanks anyway and thanks for the fast feedbacks!