Hi,

I was just wondering if there's any information about tweaking the performance of collections in mod_security.

I have it running for a very well used website. If I enable any rules (application defects being the main "culprit") that make use of collections in anything except exceptional circumstances mod_security effectively kills the site. I'm assuming this is something to do with how collections work with sdbm files. I don't know if it's a limitation of sdbm or just a performance under load issue.

The file size makes little difference and the hardware, when not using collection barely breaks a sweat, but as soon as collections are used Load on the server ramps up to insane levels and then the website dies. Most of the load is the apache processes spending most of their time in system cpu (according to top) which would suggest perhaps it's a locking issue ?

Anyway, I'm not sure where to ask about it, or if it's even something that can / could be "fixed". So far I just have to rip out all rule sets that use persistent collections in order to have a functioning site.

I've had a trawl through JIRA and mailing lists and blog etc and can't find anything that really covers this, only mention of problems creating the sdbm files or problems with the files sizes becoming unmanageable.

Assistance much appreciated.

Oh, I have mod_security 2.6 something and the latest CRS rules that can run with that, not that I think that's overly relevant to the question as I suspect it's a more underlying issue.

Out of interest I note there is something about centralised collections and memcache, would that perhaps provide better performance / scalability overall too ?