|
From: Christian F. <chr...@ne...> - 2018-04-03 20:18:56
|
Congratulations on this release Felipe. I confirm the great improvement in terms of requests per second. A brief test against nginx/modsecurity running on localhost brought me a speedup of factor 5 with a CRS 3.0.2 default installation. The changelog mentions three performance improvements. Which one had this dramatic effect? And finally: Apache/ModSec 2.9.2 still trumps Nginx/ModSec 3.0.1 big time in my lab setup. What is your projection for future performance improvements on the new 3.0 release line? When will this be ready to replace existing installations with a similar performance? Cheers, Christian On Mon, Apr 02, 2018 at 12:30:07PM +0000, Felipe Costa wrote: > > > It is a pleasure to announce the release of ModSecurity version 3.0.1 > (libModSecurity). This version contains improvements, fixes and new features. > > The most important new feature is the support for the libMaxMinddb, > popularly kown as the new version of the GeoIP library. > > There is a splendid performance upgrade on v3.0.1. A significant amount of > work was placed on how to handle the memory usage more efficiently, which > leaded to great improvements in terms of latency and requests per second. > > The list with the full changes can be found on the project CHANGES > file, available here: > - https://github.com/SpiderLabs/ModSecurity/releases/tag/v3.0.1/CHANGES > > The list of open issues is available on GitHub: > - https://github.com/SpiderLabs/ModSecurity/labels/3.x > > Thanks to everybody who helped in this process: reporting issues, making > comments and suggestions, sending patches and so on. > > Further details on the compilation process for ModSecurity v3, can be found on > the project README: > - https://github.com/SpiderLabs/ModSecurity/tree/v3/master#compilation > > Complementary documentation for the connectors are available here: > - nginx: https://github.com/SpiderLabs/ModSecurity-nginx/#compilation > - Apache: https://github.com/SpiderLabs/ModSecurity-apache/#compilation > > > IMPORTANT: ModSecurity version 2 will be available and maintained parallel > to version 3. There is no ETA to deprecate the version 2.x. New features > and major improvements will be implemented on version 3.x. Security or major > bugs are planned to be back ported. Version 2 and version 3 has a completely > independent development/release cycle. > > > Br., > Felipe “Zimmerle” Costa > Security Researcher, Lead Developer ModSecurity. > > Trustwave | SMART SECURITY ON DEMAND > www.trustwave.com > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ -- https://www.feistyduck.com/training/modsecurity-training-course https://www.feistyduck.com/books/modsecurity-handbook/ mailto:chr...@ne... twitter: @ChrFolini |
