Correction: I'm talking about microseconds (us) not milliseconds (ms)

On Mon, Oct 24, 2011 at 6:54 PM, rm4dillo D <> wrote:

I recently installed ModSecurity on a high traffic server and the CPU usage almost reached 100% while it's usually around 2 to 5%. Then, I tried to benchmark ModSecurity by simply using Apache HTTP benchmarking tool ( ab -n ... http://localhost/ ) and I got the following results:

- Without ModSecurity : 416ms / request
- ModSecurity without rules : 482ms / request
- ModSecurity with basic rules (paranoid mode off, SecResponseBodyAccess off) : 2241ms / request ?!!

I have no false positives, so it's not related to massive logging.

I also did some profiling on Apache HTTPD and noticed that 40% of the CPU time is spent in "modsecurity_process_phase_request_body". In my opinion, it's not that surprising...

Any ideas or hints?

Thank you in advance!