-
Notifications
You must be signed in to change notification settings - Fork 3
Home
Andrei Belov edited this page Mar 10, 2017
·
29 revisions
- nginx: 1.11.10
- ModSecurity: v3/dev/parser (8b8fd84)
- ModSecurity-nginx: v3/dev/parser (9f6d3a7)
- environment: 2-core VirtualBox VM on MBP A1502 (early 2015, 2-core i5 2.9GHz)
Summary for /modsec-off, RPS (count):
N Min Max Median Avg Stddev
x 10 39445.56 46228.25 44283.87 43476.616 2184.7312
latency (ms)
x 10 1.1 1.37 1.21 1.222 0.091627264
Summary for /modsec-light, RPS (count):
N Min Max Median Avg Stddev
x 10 8071.25 11953.68 10634.85 10374.126 1200.2281
latency (ms)
x 10 4.23 7.82 5 5.358 1.2109941
Summary for /modsec-full, RPS (count):
N Min Max Median Avg Stddev
x 10 238.8 259.02 246.88 247.418 5.9640549
latency (ms)
x 10 208.11 230.52 217.76 218.968 6.9131273
- nginx: 1.11.10
- ModSecurity: v3/master (3a41308)
- ModSecurity-nginx: master (134bd36)
- environment: 2-core VirtualBox VM on MBP A1502 (early 2015, 2-core i5 2.9GHz)
Summary for /modsec-off, RPS (count):
N Min Max Median Avg Stddev
x 10 38136.4 47561.79 44300.42 43351.954 2743.1755
latency (ms)
x 10 1.07 1.4 1.19 1.206 0.099911072
Summary for /modsec-light, RPS (count):
N Min Max Median Avg Stddev
x 10 10120.76 12979.9 12727.41 12290.594 891.67524
latency (ms)
x 10 3.88 5.02 3.98 4.128 0.34726871
Summary for /modsec-full, RPS (count):
N Min Max Median Avg Stddev
x 10 334.64 370.86 363.77 356.733 13.667706
latency (ms)
x 10 142.49 158.27 147.04 148.176 5.8598297
- nginx: 1.11.10
- ModSecurity: v3/dev/parser (8b8fd84)
- ModSecurity-nginx: v3/dev/parser (9f6d3a7)
- environment: 12-core KVM/libvirt VM on bare-metal server (Intel Xeon E5645 2.4GHz, 24 cores total)
- configuration details:
- nginx:
worker_processes 6; worker_cpu_affinity 111111000000;
- wrk:
taskset -c 0-5 wrk -t6 -c600 -d30s
(10 iterations)
Summary for /modsec-off, RPS (count):
N Min Max Median Avg Stddev
x 10 87538.41 97062.44 93506.49 92832.83 2717.0839
latency (ms)
x 10 6.22 6.88 6.49 6.508 0.21054427
Summary for /modsec-light, RPS (count):
N Min Max Median Avg Stddev
x 10 27984.07 31588.76 31013.95 30484.634 1151.9494
latency (ms)
x 10 18.98 21.57 20.06 20.01 0.81266366
Summary for /modsec-full, RPS (count):
N Min Max Median Avg Stddev
x 10 164.5 251.93 181.79 191.226 28.760167
latency (ms)
x 10 197.41 429.26 330.67 308.639 73.228166
The numbers for /modsec-off
and /modsec-light
with multi-worker nginx setup are significantly better than in single-worker mode, but /modsec-full
does not show any difference. In the process of investigation it turned out that disabling audit log (by setting SecAuditEngine Off
) greatly improves overall performance with OWASP CRS v3.0.0 loaded:
Summary for /modsec-full, RPS (count):
N Min Max Median Avg Stddev
x 10 577.99 864.63 854.69 823.902 87.17359
latency (ms)
x 10 633.42 730.81 646.95 654.834 28.487218
Further investigation showed that in case of SecAuditEngine RelevantOnly
only one CPU core (among the set of cores nginx is using according to worker_cpu_affinity
) is 100% busy:
With SecAuditEngine Off
, all cores that are being used by nginx are constantly busy:
- nginx: 1.11.10
- ModSecurity: v3/master (53485c7)
- ModSecurity-nginx: master (5175214)
- environment: 2-core VirtualBox VM on MBP A1502 (early 2015, 2-core i5 2.9GHz)
Summary for /modsec-off, RPS (count):
N Min Max Median Avg Stddev
x 10 44040.08 56882.7 53699.65 51600.859 4057.3947
latency (ms)
x 10 0.87 1.14 0.99 0.977 0.084859361
Summary for /modsec-light, RPS (count):
N Min Max Median Avg Stddev
x 10 10568.21 13532.37 12921.28 12336.21 1207.9385
latency (ms)
x 10 3.71 4.74 3.9 4.104 0.42893149
Summary for /modsec-full, RPS (count):
N Min Max Median Avg Stddev
x 10 238.79 259.41 253.79 250.74 7.4913906
latency (ms)
x 10 207.47 221.61 213.96 213.635 5.7969556
- nginx: 1.11.10
- ModSecurity: v3/dev/speedup (d9fabea)
- ModSecurity-nginx: master (5175214)
- environment: 2-core VirtualBox VM on MBP A1502 (early 2015, 2-core i5 2.9GHz)
Summary for /modsec-off, RPS (count):
N Min Max Median Avg Stddev
x 10 48151.25 54508.49 52135.16 51337.515 2114.2494
latency (ms)
x 10 0.92 1.14 0.99 0.996 0.069633964
Summary for /modsec-light, RPS (count):
N Min Max Median Avg Stddev
x 10 10456.84 13941.7 13011.89 12441.49 1375.0929
latency (ms)
x 10 3.59 4.8 3.97 4.078 0.48276518
Summary for /modsec-full, RPS (count):
N Min Max Median Avg Stddev
x 10 270.44 284.01 278.54 278.824 4.1302763
latency (ms)
x 10 187.65 198.52 191.41 191.247 3.5242337