Dear Felipe,
On Fri, Apr 06, 2018 at 02:05:56PM +0000, Felipe Zimmerle wrote:
> I would suggest you work on a real use case. Using a real environment. As
> you said, testing on the loopback is not a good thing.

Sure. Here you have data from a light production service with static files
mostly. I've picked this one to be nice with ModSecurity.

Apache, naked                  : 20.8 rps
Apache, ModSec2, 1 rule        : 21.1 rps
Apache, ModSec2, 10 rules      : 19.6 rps
Apache, ModSec2, CRS3          : 19.0 rps

NGINX, naked                   : 21.8 rps
NGINX, ModSec3.0.0, 1 rule     : 20.6 rps
NGINX, ModSec3.0.0, 10 rules   : 19.2 rps
NGINX, ModSec3.0.0, CRS3       : 15.2 rps
NGINX, ModSec3.0.2, 1 rule     : 19.8 rps
NGINX, ModSec3.0.2, 10 rules   : 19.4 rps
NGINX, ModSec3.0.2, CRS3       : 17.9 rps

The network latency diluted the numbers and suddenly a naked Apache is faster
than a naked NGINX. But the performance problem of ModSec3 is still visible
as is the performance improvement from 3.0.0 to 3.0.2.

Best regards,
Christian
--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:chr...@ne...
twitter: @ChrFolini