|
From: Andrei B. <de...@ng...> - 2018-04-04 08:45:29
|
Hi folks, > On 04 Apr 2018, at 07:48, Christian Folini <chr...@ne...> wrote: > > Hey Robert, > > On Tue, Apr 03, 2018 at 05:50:07PM -0700, Robert Paprocki wrote: >> Can you share the specifics of your evaluation? Performance in modsec + crs >> will vary greatly depending on the request payload. Soon I would like to do >> some before and after trace profiling of these releases to better illustrate >> how libmodsec performs in various conditions. > > I did a minimal self-compiled NGINX with a basic ModSecurity and CRS > as documented on https://www.netnea.com/cms/nginx-modsecurity-tutorials/ . > (These new tutorials are in a draft state, the quality is not yet there. Use > with caution.) [..] > Felipe tagged a 3.0.2 yesterday and made it available at > https://github.com/SpiderLabs/ModSecurity/releases > I took that one for my tests. I reckon the performance is the same as with > the 3.0.1 that has been announced. > > This perf test is obviously very superficial. A thing to note is that even > testrun 2 would write the error-log (to gather statistical data). > > But whatever the specifics, I think this big performance boost will show in > any setup even if the factor might not be that high. > > Having real perf tests done regularly would be very welcome, Robert. JFYI, I have created vagrant-based tools to run performance tests with nginx and libmodsecurity some time ago: https://github.com/defanator/modsecurity-performance It creates pre-configured environment suitable for wide range of investigations, related both to performance and functionality. I tried to include meaningful configurations, e.g.: https://github.com/defanator/modsecurity-performance#what-is-being-tested I think that environment could be [relatively easily] extended to support Apache + ModSec 2.x, in addition to nginx + ModSec 3.x, in order to simplify "direct" comparison and provide reproducible, statistically significant results. (PRs are welcome of course.) -- Andrei Belov Product Engineer NGINX |
