[Owasp-modsecurity-core-rule-set] Performance issues

rm4dillo D rm4dillo at gmail.com
Mon Oct 24 14:30:09 EDT 2011


I recently installed ModSecurity with CRS 2.2.2 (base rules only, paranoid
mode set to off and SecResponseBodyAccess to off too) on a high traffic
server and the CPU usage almost reached 100% while it's usually around 2 to
5% and I have no errors.

By disabling mod_security_crs_4[01]* rules (generic, xss, sqli) it's way
better but not really useful :).

Any clues? Does someone benchmark the rules before every release?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20111024/e5f19c18/attachment.html 

More information about the Owasp-modsecurity-core-rule-set mailing list