Hi,
I really like to see those performance experiments going on. There are too many
perspectives in this subject.
I like the idea of having multiple rule sets and versions. My rationale is that
ModSecurity was not designed to run a single rule set, nor a rule set version.
It may be optimized for a specific rule set, but still, what are the consequences of
the optimizations for the others.... At this point it makes sense to focus only on the public
rule set, but we might need to take into consideration other rule sets as well.
Felipe “Zimmerle” Costa
Security Researcher, Lead Developer ModSecurity.
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>
On 4/4/18, 8:15 AM, "Andrei Belov" <de...@ng...> wrote:
> On 04 Apr 2018, at 11:58, Christian Folini <chr...@ne...> wrote:
>
> Hello Andrei,
>
> On Wed, Apr 04, 2018 at 11:29:18AM +0300, Andrei Belov wrote:
>> I think that environment could be [relatively easily] extended to support
>> Apache + ModSec 2.x, in addition to nginx + ModSec 3.x, in order to simplify
>> "direct" comparison and provide reproducible, statistically significant results.
>
> Very cool. Thank you for sharing - and thanks for your contributions to
> ModSecurity, namely 3.0.1.
>
> The conceptual problem I see is that it's more than one variable here.
> Apache/ModSec2 vs. NGINX/ModSec3. I'm an Apache person, but when I stripped
> the two of Modsec and let the bare minimum installations serve static
> files, NGINX blew me away.
>
> So I kind of think that one would have to slow down NGINX to reach an Apache
> level and then in a 2nd step add ModSec again to be able to measure ModSec2 vs
> ModSec3.
>
> What is your take on this?
Well, ideally it would be awesome to have the following combos in [perf] tests:
a) Apache + ModSec 2.x + CRS 2.x
b) Apache + ModSec 3.x + CRS 3.x
c) nginx + ModSec 2.x + CRS 2.x
d) nginx + ModSec 3.x + CRS 3.x
(obviously, CRS component could be optional when one is going to measure
"generic overhead")
However, I have limited knowledge on the following:
- has ModSec 3.x ever been targeted to support CRS < 3,
- is there a working Apache connector for ModSec 3.x.
Also I'm not sure whether ModSec 2.x has its own benchmarks (not related to any connector).
If it does, then perhaps it would be good to compare "generic" ModSec 2.x
vs "generic" ModSec 3.x as well.
BTW, for those who are familiar with tools like gdb / perf / systemtap etc,
there's the "debugenv" state in vagrant env:
https://github.com/defanator/modsecurity-performance/blob/master/states/debugenv.sls
It could be useful for some deeper investigations.