Re: [mod-security-users] Getting Segmentation fault with to much rules
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Getting Segmentation fault with to much rules
|
From: Ivan R. <iv...@we...> - 2006-03-09 16:32:17
|
ste...@gm... wrote: > > > Sounds to me Apache is crashing because you don't have enough > > RAM to run all those rules. > > > Okay. The system has 1GB memory. Did not know, that mod_security does take > that much memory for the rules. In a way it does not really matter how efficient ModSecurity is - you can always kill it by using too many rules. Plus, it depends on the type of traffic. Large requests translates to using a lot of memory to process them. The number of concurrent requests also plays a role. >> FYI, 1.9.3 uses less memory so you may be able to use that >> without crashing. >> > Will install 1.9.3 right now. BTW, it's still 1.9.3-rc1. Let us know how you fare. >> Either way, you are killing the performance with such a large >> number of rules. Blacklisting, in particular, is much better >> done with an RBL-style protection. >> > How to implement RBL-style protection with mod_security? I didn't necessarily mean to use ModSecurity for it. Incidently, 2.0.0-dev1 supports it - see my earlier post or the documentation. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall Apache Security (O'Reilly): http://www.apachesecurity.net |
