That is a weird result. Nginx version is certainly not ready for performance testing, but perhaps what is showing here is Apache's superior extensibility model.
I would repeat the test with 10 simple header-only rules, that would tell us more what's going on.
> Date: Thu, 6 Dec 2012 14:47:24 +0800 > From: "Tan Feng" <email@example.com> > Subject: [Mod-security-developers] nginx+modsecurity performance issue > To: <firstname.lastname@example.org> > Message-ID: <email@example.com> > Content-Type: text/plain; charset="us-ascii" > > > > We just had a simple throughput test for modsecurity comparing between > Apache and Nginx, > > the result is as following, which is frustrate me much and hard to explain: > > > > > > Apache+modsecurity(engine enabled with *empty* rules) : 517Mbps > > > > > > Nginx+modsecurity(engine enabled with *empty* rules) : 131Mbps > > > > (Both are conducted with Avalanche box with a big web page of 32kB, working > in exactly the same reverse proxy mode) > > > > > > Anyone can tell me why Nginx+modsecurity has a so poor performance? > > (When modsecuriyty engine is disabled, Nginx will outperform Apache much > much) > > > > > > > > > > Felix Tan