Are you trying to solve ModSecurity error: Failed deleting collection? This is a persistent error which have affected many ModSecurity users. We found the solution, so read on...
As part of our Server Support Services here at Ibmi Media, we have helped numerous customers fix ModSecurity related errors.
In this context, we shall look into why this error occurs and how to get rid of it.
More about ModSecurity error: Failed deleting collection
ModSecurity is very beneficial to web applications in that it helps to protect it from external attacks by means of rules. It has a system capable of creating arrays to store Information named collections. By means of these collections, performance is improved.
By requests, variables are used in persistent collections mode to maintain a robust cache system which syncs with the SDBM storage within a set time. How the sync process works with the SDBM storage system is based on the In-memory collection assigned to each processes on the webserver.
When a request is made to these collections to implement a remove action from the arrays in such collection, it takes cares of this request without any interference since ModSecurity does not have any execution logic to do so and thus cannot trigger such actions by default.
Sometimes, these remove request fails as a result of other threads processes trying to delete the same collection at the same time. When this error occurs , you will see an error message which looks like this;
[error] [client xxx.xxx.xxx.xxx] ModSecurity: collections_remove_stale: Failed deleting collection (name “ip”, key “xxx.xxx.xxx.xxx_6464647647xxxxxxxxxxxxxxxxx6464674”): Internal error [hostname “www.domain.com”] [uri “/php5-fcgi/setting/list.php”] [unique_id “Hdhdhdhndnjejejej74”]
How to solve ModSecurity error: Failed deleting collection
This error can be resolved by following the following tips;
i. A quick fix is to disable any anti-bruteforce rule which stores a block flag/timer in a collection.Therefore modifying these rules if applicable will also help to reduce the collection size.
ii. Try reducing the amount of register in the affected collection by reducing the expiration time to a lower value.
iii. The capacity of the data files storage could lead to this issue when it is almost used up. It is recommended that you check the data files storage path (SecDataDir) to see if there is a large file there. If so ,delete it by clearing the tmp directory.
You can also specify a separate directory for the SecDataDir or to the memory filesystem (tmpfs).
iv. You can set a cron job to automatically delete the files daily. This is not the best solution though but the previous tips will help a great deal.