Closed
Description
I'm not sure if this issue was already reported. Anyway:
What is reported here SpiderLabs/owasp-modsecurity-crs#1133 seems to be related to the rule 200001 and the requestBodyProcessor=JSON on each request with Content-Type: application/json.
With a long JSON string in the request body, the rule 200001 takes a very long time to process it, and the nginx worker CPU usage is stuck at 100% until it finishes.
Logs and dumps
Using an 800 Kb JSON file as request body, sent with content-type application/json, the request took 83 seconds:
curl -s -H 'Content-Type: application/json' -d @test.json 'http://localhost' -w @curl-format.txt
host localhost upstream:
time_namelookup: 0.005550
time_connect: 0.006125
time_appconnect: 0.000000
time_pretransfer: 0.011318
time_redirect: 0.000000
time_starttransfer: 0.014967
----------
time_total: 83.675212
Just replacing the content-type value with application/x-www-form-urlencoded, the request took just 2 seconds:
curl -s -H 'Content-Type: application/x-www-form-urlencoded' -d @test.json 'http://localhost' -w @curl-format.txt
host localhost upstream:
time_namelookup: 0.005729
time_connect: 0.006164
time_appconnect: 0.000000
time_pretransfer: 0.006292
time_redirect: 0.000000
time_starttransfer: 0.012784
----------
time_total: 2.071719
To Reproduce
- download test.json
- create curl-format.txt as follows
time_namelookup: %{time_namelookup}\n
time_connect: %{time_connect}\n
time_appconnect: %{time_appconnect}\n
time_pretransfer: %{time_pretransfer}\n
time_redirect: %{time_redirect}\n
time_starttransfer: %{time_starttransfer}\n
----------\n
time_total: %{time_total}\n
- send request to nginx with content-type application/json and the test.json content as the request body:
$ curl -v -H 'Content-Type: application/json' -d @test.json 'http://localhost' -w @curl-format.txt
Server:
- ModSecurity - v3.0.3-45-g145f2f35 for Linux
- Modsecurity-nginx 1.0.0
- nginx 1.13.6
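
The comparison described in the report can be scripted as a regression check to rerun after upgrading ModSecurity. This is an added example, not part of the original report or of the ModSecurity project; the function names and the default threshold of 5x are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: time the same body under both Content-Type values from the
# report and flag a disproportionate slowdown of the JSON body processor.

# Extract time_total (seconds) from curl -w output in the report's layout.
time_total_of() {
  awk -F': *' '$1 == "time_total" { print $2 }'
}

# Print json_seconds / form_seconds with one decimal; fail on missing input.
slowdown_ratio() {
  awk -v j="$1" -v f="$2" \
    'BEGIN { if (j + 0 <= 0 || f + 0 <= 0) exit 1; printf "%.1f\n", j / f }'
}

# Exit 0 when the ratio exceeds the threshold.
is_regression() {
  awk -v r="$1" -v t="$2" 'BEGIN { exit !(r > t) }'
}

# Send body file $2 to URL $3 with Content-Type $1; print time_total.
measure() {
  curl -s -o /dev/null -H "Content-Type: $1" -d @"$2" \
    -w 'time_total: %{time_total}\n' "$3" | time_total_of
}

# compare BODY_FILE URL [THRESHOLD]; the default threshold (5) is an assumption.
compare() {
  cmp_json=$(measure 'application/json' "$1" "$2")
  cmp_form=$(measure 'application/x-www-form-urlencoded' "$1" "$2")
  cmp_ratio=$(slowdown_ratio "$cmp_json" "$cmp_form") || {
    echo "could not measure both requests" >&2
    return 2
  }
  echo "json=${cmp_json}s form=${cmp_form}s ratio=${cmp_ratio}x"
  if is_regression "$cmp_ratio" "${3:-5}"; then
    echo "JSON request body processing is disproportionately slow" >&2
    return 1
  fi
}

# Runs only when given arguments, e.g.: ./compare.sh test.json http://localhost
if [ "$#" -ge 2 ]; then
  compare "$@"
fi
```

With the two timings from the report (83.675212 s and 2.071719 s) the ratio is 40.4, well above the assumed threshold.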