Re: [Mod-security-developers] My App with WAF sounds faster
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] My App with WAF sounds faster
|
From: Felipe C. <FC...@tr...> - 2016-06-09 13:42:45
|
Hi, Those “performance” related issues are always very interesting. Talking about performance, we can consider two main things: 1 - The time that takes to load a given web site. 2 - The amount of requests per second or throughput. Theoretically speaking, ModSecurity will add a little delay to your site, the amount of delay are driven by the rules that you have loaded. That delay is consequence of the rules execution on top of the requests/responses, which tends to use CPU cycles (among of other things). Depending on your server, if there are CPU frequency scaling available [1] or sleeping cores [2], they may wake, due to the simple fact that ModSecurity is consuming more CPU than it was used before, forcing the Kernel to use more hardware resources, thus, returning a more quickly response. But still not correct to say that "with ModSecurity it is performing better", as one of the big consequences of using more hardware resources is energy consumption and consequently generating heat. So we can’t call it a better performance, after all, the `hardwares' are somehow different :) The point is: if you tweak the confirmation of your server, I am sure that you will be able to achieve better "performance" without ModSecurity. Despite all the assumptions that I did about your server, I hope I have answered your question ;) [1] https://wiki.debian.org/HowTo/CpuFrequencyScaling [2] http://www.ece.ubc.ca/~sasha/papers/eurosys16-final29.pdf Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> On 6/4/16, 5:38 AM, "Christian Folini" <chr...@ne...> wrote: >On Sat, Jun 04, 2016 at 08:12:16AM +0000, Thomas CATTY wrote: >> Thanks Christian for your quick answer >> That is exactly what I first answered : it must be just a feeling... But shared today by some of colleagues and even the end customer himself ;-) >> So I would love to find a reason... 'cause my App didn't change >> I'll try to compile done data as you mentioned > >We're waiting in anticipation for any data backing up your >impression. > >Ahoj, > >Christian > >> >> Many thanks >> >> Thomas CATTY >> Directeur Infrastructures IT & Support >> 06.95.37.78.32 >> http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVElwg9j63wHg&s=5&u=http%3a%2f%2fwww%2ecacom%2efr >> >> >> > On 03 Jun 2016, at 8:31 PM, Christian Folini <chr...@ne...> wrote: >> > >> > Thomas, >> > >> > That is a rare observation indeed. Is it a feeling or do you have hard >> > data? >> > >> > Regs, >> > >> > Christian >> > >> >> On Fri, Jun 03, 2016 at 03:20:51PM +0000, Thomas CATTY wrote: >> >> Hi guys, >> >> Hope you’re fine and thanks for your work >> >> Could one of you explain to me how is it possible that my LAMP App sounds faster since it’s behind the mod_security WAF ;-) >> >> I can’t explain but this is the case … >> >> Any compression ? … >> >> >> >> Thanks a lot >> >> Cheers, >> >> >> >> >> >> >> >> >> >> Thomas CATTY >> >> Directeur Infrastructures SI & Support >> >> >> >> Ligne directe : +33 1 40 89 19 02 >> >> Ligne mobile : +33 6 95 37 78 32 >> >> >> >> t....@ca...<mailto:t....@ca...> >> >> >> >> >> >> [logo-cacom-groupe]<http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl10y36KiTQ&s=5&u=http%3a%2f%2fcorporate%2ecacom%2efr%2fsignatures%2fgroupe%2ehtml> [CA Com] <http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1w-3f-iTA&s=5&u=http%3a%2f%2fcorporate%2ecacom%2efr%2fsignatures%2fcacom%5fclichy%2ehtml> >> >> [url CACOM]<http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVElw08ifv1TQ&s=5&u=http%3a%2f%2fwww%2ecacom%2efr%2f> >> >> [Logo Linkedin]<http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1U42qugSQ&s=5&u=https%3a%2f%2fwww%2elinkedin%2ecom%2fcompany%2fca-com%3ftrk%3dtop%5fnav%5fhome>[Logo Tweeter]<http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl11qiK2iSA&s=5&u=https%3a%2f%2ftwitter%2ecom%2fCA%5fCom%5fRetail>[Logo Facebook]<http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1s-i6_yGw&s=5&u=https%3a%2f%2fwww%2efacebook%2ecom%2fcacomretail> >> >> >> >> >> >> >> >> [header] >> >> [News 1] <http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1g72K3wGQ&s=5&u=http%3a%2f%2fcorporate%2ecacom%2efr%2fsignatures%2fnews2%2ehtml> [News 2] <http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1g72K3wGQ&s=5&u=http%3a%2f%2fcorporate%2ecacom%2efr%2fsignatures%2fnews2%2ehtml> >> > >> >> ------------------------------------------------------------------------------ >> >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> >> patterns at an interface-level. Reveals which users, apps, and protocols are >> >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> >> planning reports. http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl18736PyRw&s=5&u=https%3a%2f%2fad%2edoubleclick%2enet%2fddm%2fclk%2f305295220%3b132659582%3be >> > >> >> _______________________________________________ >> >> mod-security-developers mailing list >> >> mod...@li... >> >> http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1040q6kGg&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers >> >> ModSecurity Services from Trustwave's SpiderLabs: >> >> https://www.trustwave.com/spiderLabs.php >> > >> > >> > -- >> > mailto:chr...@ne... >> > http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1xuj62qSw&s=5&u=http%3a%2f%2fwww%2echristian-folini%2ech >> > twitter: @ChrFolini >> > >> > ------------------------------------------------------------------------------ >> > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> > patterns at an interface-level. Reveals which users, apps, and protocols are >> > consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> > J-Flow, sFlow and other flows. Make informed decisions using capacity >> > planning reports. http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl18736PyRw&s=5&u=https%3a%2f%2fad%2edoubleclick%2enet%2fddm%2fclk%2f305295220%3b132659582%3be >> > _______________________________________________ >> > mod-security-developers mailing list >> > mod...@li... >> > http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1040q6kGg&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers >> > ModSecurity Services from Trustwave's SpiderLabs: >> > https://www.trustwave.com/spiderLabs.php >> >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl18736PyRw&s=5&u=https%3a%2f%2fad%2edoubleclick%2enet%2fddm%2fclk%2f305295220%3b132659582%3be >> _______________________________________________ >> mod-security-developers mailing list >> mod...@li... >> http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1040q6kGg&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers >> ModSecurity Services from Trustwave's SpiderLabs: >> https://www.trustwave.com/spiderLabs.php > >-- >mailto:chr...@ne... >http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1xuj62qSw&s=5&u=http%3a%2f%2fwww%2echristian-folini%2ech >twitter: @ChrFolini > >------------------------------------------------------------------------------ >What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >patterns at an interface-level. Reveals which users, apps, and protocols are >consuming the most bandwidth. Provides multi-vendor support for NetFlow, >J-Flow, sFlow and other flows. Make informed decisions using capacity >planning reports. http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl18736PyRw&s=5&u=https%3a%2f%2fad%2edoubleclick%2enet%2fddm%2fclk%2f305295220%3b132659582%3be >_______________________________________________ >mod-security-developers mailing list >mod...@li... >http://scanmail.trustwave.com/?c=4062&d=r5PS18eHhVwIYSpXEd6e1MDy-mTJoaVEl1040q6kGg&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers >ModSecurity Services from Trustwave's SpiderLabs: >https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
