|
From: Felipe Z. <fe...@zi...> - 2018-04-06 22:02:56
|
Hi, On Fri, Apr 6, 2018 at 6:15 PM Christian Folini <chr...@ne...> wrote: > Dear Felipe, > > On Fri, Apr 06, 2018 at 02:05:56PM +0000, Felipe Zimmerle wrote: > > I would suggest you to work an real use case. Using a real environment. > As > > you said, testing in the loop back is not good thing. > > Sure. Here you have data from a light production service with static files > mostly. I've picked this one to be nice with ModSecurity. > > Apache, naked : 20.8 rps > > Apache, ModSec2, 1 rule : 21.1 rps > Apache, ModSec2, 10 rules : 19.6 rps > Apache, ModSec2, CRS3 : 19.0 rps > > > NGINX, naked : 21.8 rps > > NGINX, ModSec3.0.0, 1 rule : 20.6 rps > NGINX, ModSec3.0.0, 10 rules : 19.2 rps > NGINX, ModSec3.0.0, CRS3 : 15.2 rps > > NGINX, ModSec3.0.2, 1 rule : 19.8 rps > NGINX, ModSec3.0.2, 10 rules : 19.4 rps > NGINX, ModSec3.0.2, CRS3 : 17.9 rps > > Thank you Folini, i think those are more "concrete" numbers to work with. Lets follow up the discussion here: https://github.com/SpiderLabs/ModSecurity/issues/1734 Br., Felipe. |
