On Fri, Dec 5, 2014 at 6:07 AM, Kannan Narayanasamy -X (kannanar - HCL
TECHNOLOGIES LIMITED at Cisco) wrote:
> Hi Team,
>
>
>
> While scanning the ports using Qualys scanner, Apache process is
> crashing. We can add the corresponding port in the exclude list but in
> customer scenario is not possible to exclude those ports from scanning. Is
> there any option is available to recover from this crashing.
>
>
>
> Apache Details:
>
>
>
> Server version: Apache/2.2.22 (Win32)
>
> Server built: Apr 11 2012 12:17:10
>
>
>
> Can anyone help us on this part to resolve the issue?
>
>
>
> Thanks,
>
> Kannan Narayanasamy.
>
>
>
Find the root cause. Maybe the scanner is checking for a known
vulnerability which causes a crash, and you need to upgrade.
Several procedures that should provide useful information:
1. Use the latest httpd 2.2.x and see if the problem still occurs.
2. Use mod_log_forensic (
http://httpd.apache.org/docs/2.2/mod/mod_log_forensic.html) to see which
request is triggering the crash, verify that it is the same request for
each scan run, then study the configuration and any third party modules
that would behave differently for that particular request.
3. Disable all third-party modules and see if the problem is still
reproduced. If not, add them back one by one to see which is the likely
culprit.
4. Use debugging tools (a crash dump or running the httpd.exe child process
under a debugger while the problem is reproduced). You'll need .pdb files
(debugging symbols) for your httpd for this to be practical.
--
Born in Roswell... married an alien...
http://emptyhammock.com/
