[mod-security-users] DDOS
From: Tomer O. <to...@gm...> - 2007-03-29 18:48:18
Hi,

Using 2.1.0 on Apache 2.2.4, configured as a reverse proxy and logging to the ModSecurity console, I did a benchmark on the box and accidentally triggered one of the rules. Watching the server-status page, all requests were in the "L" state (logging) and Apache was slow serving requests. I disabled logging with modsec-auditlog-collector.pl and the benchmark was OK.

It looks like the modsec-auditlog-collector.pl performance isn't so great, and in production an attacker can easily DDOS the server by triggering a couple of thousand requests.

Has anyone checked the performance of the logging with over 100 requests per second?

Tomer