Bug#742530: apache2-mpm-worker: Apache mod-rewrite eats all RAM with certain rules

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#742530: apache2-mpm-worker: Apache mod-rewrite eats all RAM with certain rules
From: Carsten Brandt <thisisnotafuckingmaildeamon@cebe.cc>
Date: Mon, 24 Mar 2014 20:35:09 +0100
Message-id: <[🔎] 533088ED.3050204@cebe.cc>
Reply-to: Carsten Brandt <thisisnotafuckingmaildeamon@cebe.cc>, 742530@bugs.debian.org

Package: apache2-mpm-worker
Version: 2.2.16-6+squeeze12
Severity: important

I created a new project with the following .htaccess file to
rewrite all urls with _ to use dash instead: -.


```
RewriteEngine     On

# If a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^([^_]*)_([^_]*_.*) $1-$2 [N]
RewriteRule ^([^_]*)_([^_]*)$ /$1-$2 [L,R=301]
```

Short after having created the file, single apache processes
started to consume all available RAM, setting the system in an
unstable state. Processes got killed shortly afterwards and system
remained running normally but with high load and zombie PHP processes
open that do not disappear.
Dependend on traffic this popped up every few hours or even
more often.

After removing that .htaccess file everything turned back normal.
To verify the problem I let the server run without the file for a day again
and added the file back afterwards.
Directly after sending a few request to the
site I had the same problem again.



-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cache deflate dir env expires fcgid
  mime negotiation reqtimeout rewrite setenvif ssl status suexec

-- System Information:
Debian Release: 6.0.9
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2-mpm-worker depends on:
ii  apache2.2-bin         2.2.16-6+squeeze12 Apache HTTP Server common
binary f
ii  apache2.2-common      2.2.16-6+squeeze12 Apache HTTP Server common files

apache2-mpm-worker recommends no packages.

apache2-mpm-worker suggests no packages.

-- no debconf information

-- 
mail:  mail@cebe.cc
mobil: 0176 / 96 52 999 7
www:   http://cebe.cc/
pgp:   http://cebe.cc/cebe_pub.asc
skype: skype://cebe08

Reply to:

Prev by Date: Re: Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation
Next by Date: problem with file DEBINAN/preinst within apache2 2.4.7-1
Previous by thread: Re: Bug#742145: openssl: uses only 32 bytes (256 bit) for key generation
Next by thread: problem with file DEBINAN/preinst within apache2 2.4.7-1
Index(es):
- Date
- Thread