This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.5 WAF: slotmem_create failed

Have never seen this before, but at one customer, I upgraded for UTm 9.5 4 days ago, suddenly all servers had "internal error" and a yellow exclamation mark in WAF settings. Live log was full of this:

 

017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.000810 2017] [proxy_protocol:notice] [pid 21492:tid 4152121024] ProxyProtocol: disabled on 127.0.0.1:4080
2017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.001023 2017] [security2:notice] [pid 21492:tid 4152121024] ModSecurity for Apache/2.7.4 (http://www.modsecurity.org/) configured.
2017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.001035 2017] [security2:notice] [pid 21492:tid 4152121024] ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1"
2017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.001051 2017] [security2:notice] [pid 21492:tid 4152121024] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
2017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.001060 2017] [security2:notice] [pid 21492:tid 4152121024] ModSecurity: LIBXML compiled version="2.7.6"
2017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.207757 2017] [slotmem_shm:error] [pid 21497:tid 4152121024] AH02599: existing shared memory for /var/run/apache2/slotmem-shm-p98831e12.shm could not be used (failed size check)
2017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.207917 2017] [proxy_balancer:emerg] [pid 21497:tid 4152121024] (22)Invalid argument: AH01179: balancer slotmem_create failed
2017:05:17-00:03:06 fw01 reverseproxy: [Wed May 17 00:03:06.207960 2017] [:emerg] [pid 21497:tid 4152121024] AH00020: Configuration Failed, exiting

The fix was this:
https://community.sophos.com/kb/en-us/121309

Everything is now green again, but I don't understand why - it's an old bug?!


This thread was automatically locked due to age.
  • How does this occur ? Does it happen directly after an upgrade? Or does it occur after a period of time? Would this affect a fresh install of 9.5?

    Also was the fix permanent or did the issue resurface?

    How many virtual hosts did this customer have? Was this a big deploymemt of WAF? Have any of your other customers had issues with waf or is this customer the biggest?

    I'm about to deploy waf for 300 websites with 5 back-end hosts, and we are starting fresh with 9.5 on a pair of sg430. So I want to understand thr circumstances behind how your issue happenend.

    Thank you in advance.

  • It did occur 4 days after upgrade, have not seen this on fresh installs.

    As I did implement the fix yesterday, I am not sure if it's permanent yet :-)

    They have 10 sites and 5 webservers behind WAF and are not the biggest.

    I will make a support case today to make them look at it :-)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Architect

  • Thank you for taking the time to reply. Yes, please do open a case up to help everyone out.

     

    I am researching this bug, and it appears a config change was made, what trigged this issue? did it just not work all of a sudden, or did someone make a change?