|
From: Christian F. <chr...@ne...> - 2018-09-24 08:24:23
|
Hello highclass99, There are a lot of nginxes that could be removed from your setup but that's not the question you are asking. I do not know anybody who runs ModSec on prefork Apache, the event MPM is clearly the standard these days. With that being said, I do not have the perf numbers. If you do compare them, please be sure to share. As for ModSec3 on NGINX: I think it's a lot less buggy than it used to be. Performance and a few isolated missing features are an issue though. You may want to keep an eye on this meta issue: https://github.com/SpiderLabs/ModSecurity/issues/1734 Good luck, Christian On Mon, Sep 24, 2018 at 04:35:35PM +0900, highclass99 wrote: > Hello, > > I run a > nginx <-> static files > nginx <-> apache modsecurity proxy <-> nginx <-> dynamic files(fastcgi) > > configuration. > > So, apache is only 100% for WAF. > In this case my theory was that since apache modsecurity is probably not io > bound but cpu bound, I set the apache MPM as prefork. > This apache instance handles thousands of requests/sec. > > I could not find any good information on whether this is optimal > performance wise. > > Performance wise is this a better choice than worker or event MPM, when > considering the apache is 100% only modsecurity requests? > > Also, I used the above model because nginx modsecurity was too buggy in the > past, I am considering using modsecurity 3 with nginx. In that case would > it be optimal to increase nginx worker instances since modsecurity would > probably be cpu bound? > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |
