github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-11-15 17:12:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Updated Debugging ModSecurity (markdown)

Chaim Sanders
2016-02-12 11:52:39 -05:00
parent a21c53a282
commit bae515ac08
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Debugging-ModSecurity.md

@@ -4,15 +4,15 @@ Here we explain some debugging techniques that are applicable to Nginx and Apach
# General debug instructions
Debugging ModSecurity means debugging the HTTP server. ModSecurity works as a server add-on/module/plugin/extension, it is part of the same process id (PID) of the server.
Debugging ModSecurity means debugging the HTTP server. ModSecurity works as a server add-on/module/plugin/extension, as a result, it is part of the same process ID (PID) of the server.
Before start the debug process, make sure that ModSecurity is compiled with debug parameter (**"-g"** for those who are using gcc). Another gcc parameter that is desired is the **"-O0"**, which will disable the compiler optimization, making the GDB's output more friendly. Independent of the target HTTP server, ModSecurity should be compiled with those special flags. Those flags can be placed during the configuration phase, as following:
Before starting the debug process, make sure that ModSecurity is compiled with the debugging parameter (**"-g"** for those who are using gcc). Another gcc parameter that is desired is the **"-O0"**, which will disable the compiler optimization, making GDB's output more friendly. Independent of the target HTTP server, ModSecurity should be compiled with those special flags. These flags can be added during the configuration phase, as follows:
```
CFLAGS="-g -O0" ./configure ...normal configure parameters...
```
It is recommended to keep the debugging process as simple as possible, to do so, eliminate the usage of the multiple threads by the HTTP server is recommended. The instructions on how to disable the threads/workers are dependent on your server, as explained on the sub-sections bellow.
It is recommended that one keeps the debugging process as simple as possible, to do so, the elimination of features such as multi-threading by the HTTP server is recommended. The instructions on how to disable threads/workers is dependent on your server, as explained on the sub-sections bellow.
## Apache