Re: [mod-security-users] Modsecurity super slow when SecRequestBodyAccess On
Brought to you by:
victorhora,
zimmerletw
From: Breno S. <bre...@gm...> - 2012-05-03 02:37:27
|
Hi Gil, This very strange. Could you send me your debug log file ? What ModSecurity version are you using ? Thanks Breno On Wed, May 2, 2012 at 9:25 PM, Gil Vidals <gv...@gm...> wrote: > I have installed, modsecurity-crs_2.2.4.tar.gz, and an ASP sign HTML form > is being processed super slow whenever SecRequestBodyAccess is On. If I > set it to Off, the form processes very quickly. > > I turned on debugging, and I see the usec are super high for the steps > below. How can this be fixed so that I can have much faster processing of > the form fill when SecRequestBodyAccess is On? > > > [02/May/2012:19:16:59 --0700] [ > www.constantmd.com/sid#7fc8efd152d8][rid#7fc8f01f3878][/][5<http://www.constantmd.com/sid#7fc8efd152d8][rid%237fc8f01f3878][/][5>] > Rule 7fc8efd11730: SecRule "TX:OUTBOUND_ANOMALY_SCORE" "@ge > %{tx.outbound_anomaly_score_level}" > "phase:5,id:981205,t:none,log,noauditlog,pass,msg:'Outbound Anomaly Score > Exceeded (score %{TX.OUTBOUND_ANOMALY_SCORE}): %{tx.msg}'" > [02/May/2012:19:16:59 --0700] [ > www.constantmd.com/sid#7fc8efd152d8][rid#7fc8f01f3878][/][4<http://www.constantmd.com/sid#7fc8efd152d8][rid%237fc8f01f3878][/][4>] > Rule returned 0. > [02/May/2012:19:16:59 --0700] [ > www.constantmd.com/sid#7fc8efd152d8][rid#7fc8f01f3878][/][4<http://www.constantmd.com/sid#7fc8efd152d8][rid%237fc8f01f3878][/][4>] > Audit log: Ignoring a non-relevant request. > [02/May/2012:19:17:01 --0700] [ > www.constantmd.com/sid#7fc8efd22c78][rid#7fc8f01f8bc8][/Accounts/SignUp.aspx][4<http://www.constantmd.com/sid#7fc8efd22c78][rid%237fc8f01f8bc8][/Accounts/SignUp.aspx][4>] > Operator completed in 60036848 usec. > [02/May/2012:19:17:01 --0700] [ > www.constantmd.com/sid#7fc8efd22c78][rid#7fc8f01f8bc8][/Accounts/SignUp.aspx][4<http://www.constantmd.com/sid#7fc8efd22c78][rid%237fc8f01f8bc8][/Accounts/SignUp.aspx][4>] > Transformation completed in 60036950 usec. > > Thanks in advance for your help. > > > > -- > Gil Vidals > > CONFIDENTIALITY NOTICE: The information contained in this transmission may > contain privileged and confidential information. It is intended only for > the use of the person(s) named above. If you are not the intended > recipient, please contact the sender by reply email and permanently delete > the original message. > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > |