That is a weird result. Nginx version is certainly not ready for performance testing, but perhaps what is showing here is Apache's superior extensibility model.
 
I would repeat the test with 10 simple header-only rules, that would tell us more what's going on.
 
Greg
 
> Date: Thu, 6 Dec 2012 14:47:24 +0800
> From: "Tan Feng" <tanfeng@leadsec.com.cn>
> Subject: [Mod-security-developers] nginx+modsecurity performance issue
> To: <mod-security-developers@lists.sourceforge.net>
> Message-ID: <002901cdd37d$8c90e050$a5b2a0f0$@leadsec.com.cn>
> Content-Type: text/plain; charset="us-ascii"
>
>
>
> We just had a simple throughput test for modsecurity comparing between
> Apache and Nginx,
>
> the result is as following, which is frustrate me much and hard to explain:
>
>
>
>
>
> Apache+modsecurity(engine enabled with *empty* rules) : 517Mbps
>
>
>
>
>
> Nginx+modsecurity(engine enabled with *empty* rules) : 131Mbps
>
>
>
> (Both are conducted with Avalanche box with a big web page of 32kB, working
> in exactly the same reverse proxy mode)
>
>
>
>
>
> Anyone can tell me why Nginx+modsecurity has a so poor performance?
>
> (When modsecuriyty engine is disabled, Nginx will outperform Apache much
> much)
>
>
>
>
>
>
>
>
>
> Felix Tan