Re: [mod-security-users] ModSecurity cost in Nginx
From: Christian F. <chr...@ne...> - 2019-09-25 06:14:00
Hello Xiang,

Little amounts of traffic won't get nginx to sweat, but the higher you go, the larger percentage of CPU will be spent on ModSecurity. Nginx is a very lean reverse proxy, but with ModSecurity on top, it gains significant overhead.

The best is probably to run a real stress test with locust or some other tool and see how the server behaves. There are a lot of factors that play into this.

I have come to see that ModSecurity 2.9 on Apache 2.4 is substantially faster than ModSecurity 3 on Nginx.

Good luck!

Christian

On Tue, Sep 24, 2019 at 10:34:03PM -0400, Wang Xiang wrote:
> Hi all,
>
> I am testing ModSecurity with Nginx.
>
> I downloaded open source rule-set owasp-modsecurity-crs at Github and fed a captured real http traffic into Nginx to see the overhead of ModSecurity within Nginx. But a total of less than 1% CPU cycles are spent on ModSecurity. Do you have any insights of the percentage of time spent on ModSecurity within Nginx based on your experience?
>
> Thanks,
> Xiang