Re: [Mod-security-developers] ModSecurity extension for Nginx
From: Christian F. <chr...@ti...> - 2014-10-20 08:57:06
Hoang Hai Nam,

This is the developer list. Your question is better served on the user list.

The brief answer is this: It depends on your situation and your application. Generally, the expensive rules are those applied to big chunks of data. Typically the rules working on the response body are very heavy. You can choose to disable response body access and get a big performance boost. But it might be safer to review the requests/responses and the rules one by one and pick those expensive rules on those requests/responses where they do not serve any good. If you have a static 1MB CSS, there is little point in running a ton of regexes on that output with every request/response.

It all depends on your local tuning. _You_ need to do that work. Do it thoroughly and you won't face a performance problem. Fail to do it properly and you will have to disable ModSec again because of bad performance.

Best,

Christian Folini

Hoang Hai Nam <na...@gm...>, 10/20/2014 10:17 AM:

Hi Carlos,

How many rules did you apply for your system? I intend to use the whole "Core Rule Set". It has a lot of rules, then if I use it each user's request will be inspected by hundreds of rules. Meanwhile reverse proxy ModSecurity becomes the bottleneck of the whole system.

On Mon, Oct 20, 2014 at 2:40 PM, Carlos Vidal <ca...@ta...> wrote:

I'm using nginx+modsec with a webmail system (Zimbra) hosting 25K users and it works pretty well. Performance depends of course on the number of rules you apply and in which phases. You can define hundreds of rules but have only a few that are used in the most common requests. If performance is paramount for your site, you will need to spend some time analyzing modsec logs to find which rules give you the highest "protection/load" ratio.

On Mon, Oct 20, 2014 at 6:27 AM, Hoang Hai Nam <na...@gm...> wrote:

Hi everyone,

I'm planning to use ModSecurity for Nginx (reverse proxy form) to protect multiple of my company's websites, but I am confused by Development Status: BETA, and I do not know whether ModSecurity for Nginx has stable performance with Core Rule Set or not.

Nginx has very good performance when used as a reverse proxy, so I want to ask for advice on using Nginx with ModSecurity.

Looking forward to a reply. Thanks all very much.

--
Best regards,
-----------------------------------------------------------------------------
Hoang Hai Nam, senior
Department of Software Engineering
School of Information and Communication Technology (SoICT, http://www.soict.hut.edu.vn)
Hanoi University of Science and Technology (HUST, http://www.hut.edu.vn)
C1 Building - No 1, Dai Co Viet Street, Ha Noi, Vietnam
Yahoo: soap412
Mobile: +84 (0)9.13.09.66.46
Facebook: https://www.facebook.com/nam.hoanghai
E-mail: na...@gm... nam...@ho...

_______________________________________________
mod-security-developers mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php
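
The tuning discussed in the thread above (turning off response body access, or exempting large static files from body inspection), written out as a ModSecurity 2.x configuration fragment. This is an added example and not part of any message in the thread; the rule id 10001, the /static/ path prefix and the size limit are assumptions.

```apache
# Added example. Rule id, path prefix and limits are assumptions to adapt locally.

# Coarse setting: never buffer or inspect response bodies. Biggest saving,
# but all outbound (phase 4) body inspection is lost for every response.
# SecResponseBodyAccess Off

# Targeted setting: keep response inspection, but bound what gets buffered.
SecResponseBodyAccess On
# Only buffer textual types that response rules can usefully inspect.
SecResponseBodyMimeType text/plain text/html text/xml
# Cap the buffered body (bytes) and inspect the first part instead of rejecting.
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# Skip response body buffering for static assets only.
# The match is anchored to an assumed static directory, so a dynamic handler
# reachable under a URL that merely ends in ".css" elsewhere is not exempted.
# Request-side rules (phases 1 and 2) still run for these requests.
SecRule REQUEST_FILENAME "@rx ^/static/.+\.(?:css|js|png|jpe?g|gif|ico)$" \
    "id:10001,phase:1,pass,nolog,t:none,t:lowercase,ctl:responseBodyAccess=Off"
```

Place the exemption rule before the rule set is included so it takes effect before the later rules run.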