The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_rewrite LOOP [N] Flag

Discussion in 'Security' started by zye, Dec 11, 2015.

  1. zye

    zye Well-Known Member

    Joined:
    Dec 6, 2002
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    hello

    regarding mod_rewrite i encountered a kind of big problem

    the [N] flag does Next and if used wrong this ends in an endless LOOP and stuck httpd process eating all Memory and brings the server to stop responding

    this ruleset killed my server - load went up 20+
    i was able to ssh in and had to #kill -9 PID

    is there any way to DEACTIVATE the [N] Flag in mod_rewrite ?

    Running on:
    Apache/2.2.29 (Unix)
    cpu i7-3930K
    64 GB RAM
    • CENTOS 6.7 x86_64 standard – WHM 11.52.1 (build 3)

    stuck httpd processes

    nobody 16834 1.6 17.8 16503064 11689456 ? D 09:55 0:28 \_ /usr/local/apache/bin/httpd -k start
    nobody 16835 1.8 29.1 24434928 19054612 ? D 09:55 0:31 \_ /usr/local/apache/bin/httpd -k start
    nobody 17125 1.9 29.6 24547640 19390656 ? D 09:57 0:31 \_ /usr/local/apache/bin/httpd -k start

    customers ruleset

    RewriteRule ^index.htm /index.php [L]
    RewriteRule ^impressum.htm /impressum.php [L]
    RewriteRule ^show-route.htm /show-route.php [L]
    RewriteRule ^delivery-charges.htm /delivery-charges.php [L]
    RewriteRule ^terms-of-business.htm /terms-of-business.php [L]
    RewriteRule ^links.htm /links.php [L]
    RewriteRule ^sitemap.htm /sitemap.php [L]
    RewriteRule ^productlist.htm /productlist.php [L]
    RewriteRule ^shoppingcart.htm /shoppingcart.php [L]
    RewriteRule ^userinfos.htm /userinfos.php [L]
    RewriteRule ^orderinfos.htm /orderinfos.php [L]
    RewriteRule ^send-order.htm /send-order.php [L]
    RewriteRule ^order-confirmation.htm /order-confirmation.php [L]
    RewriteRule ^vheader-(.*)-(.*).jpg /gen_image.php?text=$1&style=$2
    RewriteRule ^print.htm /print-order.php [L]


    RewriteRule ^(productlist)-([^/-]+)-([^/.-]+)([^/.]*)(\.html)?$ $1$4?$2=$3 [QSA,N]
    RewriteRule ^productlist$ /productlist.php [L]

    RewriteRule ^onlineshop /ssp_env.php [L]
    RewriteRule (.*)\.html$ /shopitem.php?id=$1?$2=$3 [QSA,N]
     
  2. zye

    zye Well-Known Member

    Joined:
    Dec 6, 2002
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    and just 4 info - the
    apache RLimitMEM is not working - limits are set but the process just grows and grows in mem
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you elaborate on this? For instance, what's the difference between deactivating it and simply removing it from your rules?

    Thank you.
     
  4. zye

    zye Well-Known Member

    Joined:
    Dec 6, 2002
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    as it is now any customer who uses the rule can bring my server down.

    thats why i like to just remove the Flag N so no loop is possible.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's not possible to disable this flag from the documentation I've reviewed. However, you could disable Mod_Rewrite for individual accounts that are utilizing rules which generate issues with Apache.

    Edit: Corrected Mod_Security to Mod_Rewrite

    Thank you.
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    What does Mod_Security have to do with this? I can't see any reason to disable it in this scenario.

    Anyway, there is a redirect limit of 10 by default, more info on this can be found here: core - Apache HTTP Server Version 2.4

    You could try lowering it but that really shouldn't be necessary.
     
  7. gryzli

    gryzli Active Member

    Joined:
    Jul 23, 2012
    Messages:
    44
    Likes Received:
    5
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Twitter:
    I don't think this limit will apply for the situation described.

    In fact for Apache 2.2.x I'm 100% sure it doesn't work.

    The -N flag tells mod_rewrite to start from beginning parsing the .htaccess file, which it seems doesn't increment the internal redirect counter.

    The memory leak resulting from "bad used" -N flag is a "100 year problem".

    For me the most convenient way of fixing this "bad behaviour" is to manually patch Apache and disable/limit the option.
     
Loading...

Share This Page