Re: [mod-security-users] compiling against PCRE
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] compiling against PCRE
|
From: Justin G. <web...@sw...> - 2005-12-22 00:58:19
|
badips is good maybe on a quad opteron box :) while it's impossible to use them in mod_security, we found that iptables can handle them without much pain, well, depending on the amount of traffic. Our servers do less than 5Mb in average so it's fine. One drawback is blacklist.conf which I also drop. It should be broken down to few files and sorted out by relevance/priority. rules.conf should also definatelly be edited, tons of junk and also duplicates in there. Looks like author starts to use IDs for the rules so I hope it will be easier to categorize per/server rules and make the update process easier. Also, try using DynamicOnly. How PCRE would speed up processing a PDF/SWF/JPG? Justin Zach Roberts wrote: > In my more updated tests it appears as if the PCRE does help quite a bit > but, it still isn't enough. > > Mod_security cannot handle the thousands of rules necessary to secure > against all the security threats there seem to be. > > Since gotroot.com's ruleset seems to be standard for mod_security > installations I did tests with those rules. > > To start off I loaded the rules into the configuration in no particular > order except exclude.conf being first and watched as the server became > unstable then crashed. > > After rebooting I reordered them where the less intensive rules were > first (badips.conf) and others were last but, no ordering seemed to have > a very noticeable effect. The server's load went back up and it crashed > again. > > By removing badips.conf, several thousand rules from rules.conf, and > reordering them again I did get the server stable enough with > "SecFilterEngine On" with low to medium traffic. When traffic picked up > at 5PM the server load started to rise and the server crashed again. > > Any further improvements would definitely be welcomed. ;) > > Zach > > Ivan Ristic wrote: > >> Justin Grindea wrote: >> >> >>> hmm, forgot to paste the output... >>> here it is: >>> >> >> >> Try this first: >> <apache1-home>/bin/apxs -DUSE_PCRE -cia mod_security.c >> >> If that works but you still need to use LoadFile >> use: >> >> LoadFile /usr/lib/libpcre.so >> >> Otherwise just download the source from pcre.org >> and install it exactly as described in the manual. >> >> >> > > > > ------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. Do you grep through log > files > for problems? Stop! Download the new AJAX search engine that makes > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users |
