Posted to users@httpd.apache.org by Marc Perkel <ma...@perkel.com> on 2007/05/29 23:31:08 UTC

[users@httpd] mod_security and system load

I'm running FC6 and added mod_security using the default rule set and 
the load level on the system is about 5 times higher than without it. 
I'm wondering what rule sets I might disable that would give me some 
security without slowing the server down to a crawl. Could use some 
practical advice.

Thanks in Advance.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] mod_security and system load

Posted by Marc Perkel <ma...@perkel.com>.

Nick Kew wrote:
>
> On 29 May 2007, at 22:31, Marc Perkel wrote:
>
>> I'm running FC6 and added mod_security using the default rule set and 
>> the load level on the system is about 5 times higher than without it. 
>> I'm wondering what rule sets I might disable that would give me some 
>> security without slowing the server down to a crawl. Could use some 
>> practical advice.
>
> What are you protecting?  A jump that big suggests the possibility
> that your contents may be predominantly static.  In which case, turn
> mod_security off!
>
> The really big performance hit with mod_security is if you scan request
> and/or response bodies with it.  And I can't see how you could
> usefully apply any default ruleset to that.
>

Probably people with older versions of php/mysql apps like phpbb that 
are exploitable. Mostly protecting against request/post exploits rather 
than filtering outgoing content.



Re: [users@httpd] mod_security and system load

Posted by Nick Kew <ni...@webthing.com>.
On 29 May 2007, at 22:31, Marc Perkel wrote:

> I'm running FC6 and added mod_security using the default rule set  
> and the load level on the system is about 5 times higher than  
> without it. I'm wondering what rule sets I might disable that would  
> give me some security without slowing the server down to a crawl.  
> Could use some practical advice.

What are you protecting?  A jump that big suggests the possibility
that your contents may be predominantly static.  In which case, turn
mod_security off!

The really big performance hit with mod_security is if you scan request
and/or response bodies with it.  And I can't see how you could
usefully apply any default ruleset to that.

-- 
Nick Kew
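
The trade-off discussed in this thread, written out as a configuration sketch. This is an added example, not part of the original messages and not a shipped rule set. It assumes ModSecurity 2.x directive names (the thread does not state the version); the `/static/` path, the rule id and the `Include` path are hypothetical placeholders.

```apache
<IfModule security2_module>
    # Keep the engine on for the dynamic PHP/MySQL applications.
    SecRuleEngine On

    # Inspect request bodies so POST parameters are visible to the rules.
    # This is the coverage the original poster wants for older PHP apps.
    SecRequestBodyAccess On

    # Do not buffer or scan outgoing content. Response body inspection is
    # one of the two expensive paths named in the reply above, and the
    # poster is not filtering outgoing content.
    SecResponseBodyAccess Off

    # Skip rule processing for requests that can only reach static files.
    # This rule must be loaded before the rule set. It matches on a
    # directory prefix (hypothetical: /static/) rather than on a file
    # extension, because a suffix test alone would also match a URL such
    # as /app.php/logo.png, which PHP would still execute.
    SecRule REQUEST_FILENAME "^/static/" \
        "id:1000,phase:1,t:none,nolog,pass,ctl:ruleEngine=Off"

    # Hypothetical location of the distribution's default rules.
    Include conf.d/modsecurity-rules/*.conf
</IfModule>
```

After a change like this, compare load with the rule set enabled and disabled again; if most requests fall under the static prefix, most of the overhead should disappear while POST inspection stays in place for the applications.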
