Compile modsec with --enable-pcre-study. If you want to consider using pcre 8.20, I can send you a tarball of ModSecurity 2.7 that allows you to run PcreJit. Some rules are running 2 times faster.



On Mon, Oct 24, 2011 at 1:37 PM, Christian Bockermann wrote:

On 24.10.2011 at 20:22, rm4dillo D wrote:

> Even with log level 9, I have no errors. In fact, I'm using CRS rules and it's the 2.2.2 version.

Even with no errors - at log level 9 ModSecurity will document its rule processing
in great detail. That means, it will report any little step it is taking while processing
the request.

If you put ModSecurity into debug log level 9, I doubt you'll get more than 3-5 requests
per second through your apache. And that is all due to logging overhead in your debug-
log file.

But I agree with Ryan here, there seems to be some error in your rule setup. Without any
additional information it's not very promising to analyze here.

So, you'd need to go for a step-by-step analysis of your ruleset, i.e. iteratively
including rule-files one-by-one and testing each time...
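
Added example (not part of the original thread, and not code from the ModSecurity project): a shell sketch of the one-file-at-a-time analysis suggested above, which enables rule files in order, reloads the server, and stops at the first file after which a probe request exceeds a response-time threshold. The function name, `RELOAD_CMD`, `PROBE_CMD`, the probe URL and the staging directory are assumptions, as is an Apache configuration that includes `*.conf` from the staging directory.

```shell
#!/bin/sh
# Added example: enable rule files one at a time and time a probe after each.
# Assumed (not from the thread): Apache includes "$STAGE_DIR"/*.conf, and the
# probe command prints the response time in seconds on stdout.
[ -n "$RELOAD_CMD" ] || RELOAD_CMD='apachectl graceful'
[ -n "$PROBE_CMD" ] || PROBE_CMD='curl -s -o /dev/null -w %{time_total} http://127.0.0.1/'

# find_slow_rule_file RULES_DIR STAGE_DIR MAX_SECONDS
# Prints "<file> <seconds>s" per step. Sets SLOW_FILE to the first rule file
# whose inclusion pushes the probe over MAX_SECONDS (empty if none does).
# Returns 0 if every step stayed under the limit, 1 if a slow file was found,
# 2 if the reload command failed (for example on a syntax error in a rule).
find_slow_rule_file() {
    rules_dir=$1
    stage_dir=$2
    max_seconds=$3
    SLOW_FILE=

    mkdir -p "$stage_dir"
    rm -f "$stage_dir"/*.conf          # start from an empty rule set

    for f in "$rules_dir"/*.conf; do   # glob order = load order
        [ -e "$f" ] || continue
        name=$(basename "$f")
        cp "$f" "$stage_dir/$name"     # cumulative: earlier files stay enabled

        if ! $RELOAD_CMD >/dev/null 2>&1; then
            echo "reload failed after adding $name" >&2
            return 2
        fi

        elapsed=$($PROBE_CMD 2>/dev/null)
        echo "$name ${elapsed}s"

        # awk does the floating-point comparison that sh arithmetic cannot
        if awk -v t="$elapsed" -v max="$max_seconds" 'BEGIN { exit !(t > max) }'; then
            SLOW_FILE=$name
            return 1
        fi
    done
    return 0
}
```

Run it with the debug log level lowered, since the level 9 logging overhead described above would dominate every measurement.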

mod-security-users mailing list