Environment:
Ubuntu Server 12.04 64Bit with Apache/2.2.22 (Ubuntu) and Worker mpm with modsecurity 2.7.5 and OWASP CRS latest.
Problem:
When server is under a load of 1500 concurrent users Mod_Security starts to show the below error in Apache's error log and the server CPU usage goes up to dangerous levels.
[Wed Oct 02 21:21:52 2013] [error] [client xxx.xxx.xxx.xxx] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "xxx.xxx.xxx.xxx_9e4f93d096e2ca3744251c41dde47a1a7b26fa75"): Internal error [hostname "www.example.com"] [uri "/php5-fcgi/setting/student_collage_list.php"] [unique_id "UkxkMMaIMEoAADg9zw0AAAgr"]
The files (global.dir, global.pag, ip.dir, ip.pag) are all placed in /tmp/ and owned by the user www-data and i even set 777 permissions on them just to see if the problem goes away.
I can see that this issue was patched see: https://www.modsecurity.org/tracker/browse/MODSEC-97 but i am using the latest modsecurity version "2.7.5" so i do not know why it is happening.
I also submitted a bug report at https://www.modsecurity.org/tracker/browse/MODSEC-428 but this is rather a critical problem to me so i though i could ask here as well.
Any ideas what is causing this error ? can this process be disabled ?
Update: Server's CPU Load is also very high when mod_security enabled, any tips on optimizing mod_security for high traffic websites ? currently i have 2000~ concurrent users.
