|
From: Christian F. <chr...@ne...> - 2018-04-04 08:58:50
|
Hello Andrei, On Wed, Apr 04, 2018 at 11:29:18AM +0300, Andrei Belov wrote: > I think that environment could be [relatively easily] extended to support > Apache + ModSec 2.x, in addition to nginx + ModSec 3.x, in order to simplify > "direct" comparison and provide reproducible, statistically significant results. Very cool. Thank you for sharing - and thanks for your contributions to ModSecurity, namely 3.0.1. The conceptual problem is see is that it's more than one variable here. Apache/ModSec2 vs. NGINX/ModSec3. I'm an Apache person, but when I stripped the two of Modsec and let the bare minimum installations serve static files, NGINX blew me away. So I kind of think that one would have to slow down NGINX to reach an Apache level and then in a 2nd step add ModSec again to be able to measure ModSec2 vs ModSec3. What is your take on this? Best, Christian -- The Universe is made of stories, not of atoms. -- Muriel Rukeyser |
