Re: [mod-security-users] Still stuck with up to 400% decrease inperformance.
Brought to you by:
victorhora,
zimmerletw
From: James N. <ja...@no...> - 2008-03-04 19:02:17
|
Hi Brian, Thanks for your help. I am using webload (http://www.radview.com/) 100 users concurrent with 1 - 2 second sleep times. Each virtual user request three pages using GET no prams, test is running in a loop. No fixed number of iterations. Load is generated on a dedicated load generation box. The target machine is also dedicated, all test are run with everything configured the same way with the exception of SecRuleEngine On and SecRuleEngine Off, network is dedicated 100Mb. The only odd thing I noticed was the test request are not caching correctly, meeting for each request I may be requesting 20 or more static files (css. js and images) It was my understanding that mod_security would not do or at least do limited work on these types of request. (sub request from the parent HTML) If mod_security is acting on these request it might explain the load. Because now 100 concurrent request becomes 2000 request I also run the apache server as a reverse proxy and SSL termination point. APACHE_MODULES="dir alias expires headers log_config mime negotiation setenvif ssl unique_id proxy rewrite deflate proxy_http authz_host authn_file php5 cgi mod_security2 Test box is running on a private network, maybe a DNS issue, but that would not explain the high CPU. From your internal load test what is the expected overhead will all core rules applied? James Nordstrom --- Brian Rectanus <Bri...@br...> wrote: > Hi James. Just wanted to let you know I am still > looking at this. I > have not been able to replicate/isolate the issue > yet. > > From what I gathered from your emails, this happens > just doing a simple > GET request of a static page (one that should not > alert). Is this true? > > How are you generating the load? Is it a single > threaded (or multiple > unthreaded) processes on the same box doing > requests, or is it some load > generation software external to the box? Anything > that you can do to > better describe your process of load testing would > help me setup a > similar test here. > > As for PCRE, I am not sure. I have 7.4 that I am > using. > > -B > > James Nordstrom wrote: > > Hi All, > > > > I have tried everything I can think of and > am still > > stuck with up to a 400% decrease in performance. > > > > -Disabled all logging > > -Set log level to 0 > > -Removed the rules one by one > > -Replaced 2.5.0 with 2.1.6 > > -Disabled outbound inspection > > > > I did not find one offending rule, the > rules just > > appear to run slow. > > > > Running a simple 100 user load test: (3 > GETS > > and 1 POST) > > Mod security disabled 8% - 20% CPU > > Mod security enabled 40% - 80% CPU > (various rules > > added/removed) > > > > Since I am facing the same issues with > 2.5.0 as I am > > with 2.1.6 I am wondering if PCRE can be the > issue. I > > use Apache 2.2.8 which uses an external PCRE lib. > I > > see PCRE 7.6 is out should I upgrade from 7.2? > > > > My system is: > > -2x 2.4Ghr dual core AMD Opterons > > -32GB Ram > > -OpenSuse 10.3 64Bit > > -Apache 2.2.8 (64Bit) > > -PCRE 7.2 (64 and 32bit) > > -Mod_security 2.5.0 and 2.1.6 > > -Apache is compressing outbound content. > > > > Any help would be greatly appreciated. > > > > Thanks > > > > James > > > > James Nordstrom > > Nordstrom Design Inc. > > E-mail: ja...@no... > > US: 908-419-5597 > > Europe: 001/908-419-5597 > > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio > 2008. > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > _______________________________________________ > > mod-security-users mailing list > > mod...@li... > > > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > > > > -- > Brian Rectanus > Breach Security > James Nordstrom Nordstrom Design Inc. E-mail: ja...@no... US: 908-419-5597 Europe: 001/908-419-5597 |