Comodo WAF ModSecurity ruleset leading to large secdatadir cache files

aegis

I've also had this, though with CWAF ruleset 1.215, and I'm using ModSecurity ea-apache24-mod_security2-2.9.3-2.el6.cloudlinux.x86_64.

I had a 52G nobody-ip.pag on one server and 29G on another, and httpd processes were running at 100% or more. Possibly also causing huge IO utilisation issues.

I've pruned the database using the following commands...

Bash:
/usr/sbin/modsec-sdbm-util -D /var/cpanel/secdatadir -v -n /var/cpanel/secdatadir/nobody-ip.pag &&\
  rm /var/cpanel/secdatadir/nobody-ip.pag &&\
  rm /var/cpanel/secdatadir/nobody-ip.dir &&\
  mv /var/cpanel/secdatadir/new_db.pag /var/cpanel/secdatadir/nobody-ip.pag &&\
  mv /var/cpanel/secdatadir/new_db.dir /var/cpanel/secdatadir/nobody-ip.dir
And then I restarted httpd, and server load has come down to normal.

Since CWAF seems to use a different database file, perhaps this needs to be added to a maintenance script, @cPanelMichael?
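
A maintenance script of the kind the post asks for, as an added example that is not part of the original post or of cPanel's own tooling: it prunes nobody-ip only once the .pag file passes a size limit and swaps the rebuilt files in without deleting the live ones first. The 1 GiB limit, the function names and the `--run` switch are assumptions; the tool, its flags and the paths are the ones from the post.

```bash
#!/bin/bash
# Added example: size-triggered prune of a ModSecurity SDBM collection.
# MAX_BYTES and the function names are assumptions of this sketch.
SDBM_UTIL="${SDBM_UTIL:-/usr/sbin/modsec-sdbm-util}"  # tool from the post
SECDATADIR="${SECDATADIR:-/var/cpanel/secdatadir}"    # directory from the post
MAX_BYTES="${MAX_BYTES:-1073741824}"                  # assumed limit: 1 GiB

# Succeeds when file $1 exists and is larger than $2 bytes (apparent size).
needs_prune() (
    [ -f "$1" ] || exit 1
    size=$(( $(wc -c < "$1") ))
    [ "$size" -gt "$2" ]
)

# Rebuild $1/$2.pag and $1/$2.dir with -n as in the post, then swap them in.
prune_db() (
    dir=$1 name=$2
    rm -f "$dir/new_db.pag" "$dir/new_db.dir"   # leftovers from an aborted run
    "$SDBM_UTIL" -D "$dir" -v -n "$dir/$name.pag" >/dev/null || exit 1
    # Touch the live files only if both halves of the new database exist.
    [ -f "$dir/new_db.pag" ] && [ -f "$dir/new_db.dir" ] || exit 1
    # Run as root, the tool creates root-owned files; copy owner and mode
    # from the live database so httpd can still write to it (GNU coreutils).
    chown --reference="$dir/$name.pag" "$dir/new_db.pag" "$dir/new_db.dir" || exit 1
    chmod --reference="$dir/$name.pag" "$dir/new_db.pag" "$dir/new_db.dir" || exit 1
    # Rename over the old files instead of deleting them first.
    mv -f "$dir/new_db.pag" "$dir/$name.pag" || exit 1
    mv -f "$dir/new_db.dir" "$dir/$name.dir"
)

# Prune collection $1 (e.g. nobody-ip) only when it has outgrown MAX_BYTES.
prune_if_large() {
    if needs_prune "$SECDATADIR/$1.pag" "$MAX_BYTES"; then
        prune_db "$SECDATADIR" "$1" && echo "pruned $1: restart httpd now"
    else
        echo "$1: under limit, nothing to do"
    fi
}

# From cron, call the script with --run; without it only the functions load.
if [ "${1:-}" = "--run" ]; then prune_if_large nobody-ip; fi
```

As in the post, httpd still needs a restart after a prune; the script only reports that one is due.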