[mod-security-users] huge performance hit with mod_security on "legacy" SPARC hardware
Brought to you by:
victorhora,
zimmerletw
From: Francois B. <fra...@gm...> - 2005-11-09 00:15:35
|
Hello list! I'm using mod_sec with Apache 1.3.33 and mod_security is a great product, but here the performance tradeoff is pretty bad. Our Apache server is a Sun Entreprise 450 equipped with 2 SPARC-II 400 MHZ processors, with 1 GB ram and a few SCSI 10000 rpm drive (no raid setup on the disk Apache is using). We're running Solaris 9. With mod_security disabled (in the httpd.conf file) the server is very responsive and CPU usage averages 21% with peaks up to 50%. With mod_security enabled, during peak hours the CPU is floored at 100% and our website is very slow to display, whether or not we are in the peak hours. System is not out of ram, is not swapping or disk trashing. Debug is disabled on mod_security. Our config file uses roughly a third of gotroot's rules for Apache 1.3... Anybody else has similar hardware, or similar performance issues? Any pointers to what i could look for? If someone thinks it might be a config file issue, i'll gladly sanitize my config file and post it here. Any input is greatly appreciated! Thanks! Francois Boulanger |