Quote:
I was always of the opinion that "module ABC is already loaded, skipping" implied that it was NOT being loaded again, and therefore harmless.
Apache wont load the module, but it absolutely will load any configuration directives (if any). And its not uncommon for .conf files to load a module inside the configuration file, if you see something being loaded more than once (and in his case its three times) then you may also be loading the configuration too. So always check your apache configs (you also may not be load config directives, so doublecheck, for example sometimes the main apache configuration file may load a module, but no settings - so in that case its harmless)
Consider the classic load logic, most folks put in a directive that says "if this module is loaded, then parse these configuration directives". Not "if this module has NOT already been configured parse these configuration directives". So the only error you see is apache saying "already loaded the module", not "already load and CONFIGURED the module". So it merrily configures itself again and loads yet MORE and potentially identical rules (keep in mind, apache directives are cumulative, you can have two, or three or more identical rules loaded if you keep loading the config).
As I said, in his case he's loading modsecurity three times, so its probably really overloaded with duplicates, misconfigured/reconfigured logic and all sorts of hair balls. And because all the recommended configurations for modsecurity (include the configs for rules only users, our ASL configuration and cpanels modsecurity configuration) all load modsecurity from within the modsecurity configuration file, that means the entire configuration is being loaded three times - and as the configuration also includes the rules - hes loading the rules up three times.
I have definitely seen cases where users have done this, and reported the exact same issue with performance. We found they had setup a duplicate of the Atomicorp rules in /opt/modsecurity, and a second modsecurity configuration they setup manually in addition to the ASL rules. So they loaded all the rules twice in that case, and it crushed the box. This is definitely neither supported nor tested, and is definitely not going to be extremely inefficient.
So, with two already loaded errors, that tells me this system is setup to at least load the module three times, and may also be loading the modsecurity configuration
three times and thereby likely loading the rules three times. If the rules are loaded three times, that would definitely crush the systems performance. Its pretty bad ass that it works well at all, but the bottom line is that with two already loaded errors, the system is not in a state ASL configured. One error, that could just be the main apache config loading the module but not config directives, but two - thats like a duplicate modsec setup. In this case, it sounds like someones manually setup modsecurity, perhaps before or after ASL was installed.
Short answer, just let ASL do the work for you. Remove modsecurity and any manual implementations thereof, reinstall ASL and only let ASL make changes to modsecurity. Don't install any rules manually or any third party packages for modsecurity.
Login
Register
FAQ
Search
Completely missed Mark's post haha. Thanks guys 