Hello Mark,

On Thu, Feb 01, 2018 at 09:27:13PM +0000, Mark Blackman wrote:
> Thanks, as an update, a second round of testing where logging was reduced
> and where we used a more proven httpd configuration resulted in more
> sensible results, typically 2 ms for a request without scanning and 4 ms for
> a request with scanning.

That is good news and I think also realistic. You can bring it further down
with tuning. But it takes some effort.

> We’re using version 2.9, but I wonder how much improvement you might expect
> for version 3.0 and is version 3.0 considered production ready yet?

ModSec 3.0 has been released as production ready. CRS3 works and namely
the NGINX Plus offering has been using it for quite some time.

The developers claim a speed gain over ModSec 2.9.x yet there are also people
talking of performance issues. Personally, I do not have trustworthy data,
so I do not want to add to any rumours one way or the other. I think it is
best to test for yourself for the time being. Also I expect further
optimizations with the 3.0.1 release.

> Finally, does mod_security use any kind of hashing to cache results?

No, it does not. At least 2.9 does not and I do not think I have read of
3.0 bringing this. It's an interesting feature, but also one that is very
hard to get right, namely as this is a security product and hashing/caching
often get into a conflict with one another.

> On the
> assumption that computing a digest of request is faster than running a large
> series of regexes over it. In other words, there’s no point repeatedly
> running the same rules over the same request line when it comes in each
> time. Alternately, can mod_security exploit Apache server-side caching to
> cache results?

Again, no.

However, if you really want to speed things up and you have a good
understanding of your application, authentication is in place and you really
know whom you are talking to, then you could think of bypassing certain
rules under certain conditions. That is a trade-off between security and
speed, but given the complete rule language is at your disposal interesting
constructs can be created.

Cheers,

Christian


-- 
Human beings, who are almost unique in having the ability to learn
from the experience of others, are also remarkable for their apparent
disinclination to do so.
--- Douglas Adams
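The conditional rule bypass Christian describes above, written out as an added configuration example; this is not code from the thread or from the CRS project. It assumes Apache performs authentication (so REMOTE_USER is populated by phase 2) and that /api/reports/ is a hypothetical endpoint whose input the application already validates strictly.

```apache
# Added example, not from the thread: narrow the exclusion to one path
# prefix AND an authenticated user before skipping any rule group.
# Place it before the CRS include (e.g. in
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf) so the ctl actions run
# ahead of the phase 2 rules they remove.

# Step 1 (phase 1): only flag the transaction; do not change anything yet.
# /api/reports/ is a hypothetical, strictly validated internal endpoint.
SecRule REQUEST_URI "@beginsWith /api/reports/" \
    "id:10010,phase:1,pass,t:none,nolog,\
    setvar:'tx.trusted_endpoint=1'"

# Step 2 (phase 2): REMOTE_USER is set by Apache auth before this phase.
# The ctl actions sit on the LAST rule of the chain so they only fire when
# the whole chain matches (non-disruptive actions on the first rule of a
# chain would run even if the second rule failed).
SecRule TX:trusted_endpoint "@eq 1" \
    "id:10011,phase:2,pass,t:none,nolog,chain"
    SecRule REMOTE_USER "!@rx ^$" \
        "t:none,\
        ctl:ruleRemoveByTag=attack-sqli,\
        ctl:ruleRemoveByTag=attack-xss"

# Everything else in CRS3 (protocol checks, anomaly scoring, the remaining
# attack classes) still evaluates, so the trade-off is limited to the two
# removed groups on one authenticated path.
```

Unauthenticated requests to the same path, and authenticated requests elsewhere, still go through the full rule set.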
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
