Andrei Belov edited this page Mar 5, 2017 · 29 revisions

modsecurity-performance wiki

Sample results

2017-02-28 (1)

Summary for /modsec-off, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10      39445.56      46228.25      44283.87     43476.616     2184.7312
 latency (ms)
x  10           1.1          1.37          1.21         1.222   0.091627264

Summary for /modsec-light, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10       8071.25      11953.68      10634.85     10374.126     1200.2281
 latency (ms)
x  10          4.23          7.82             5         5.358     1.2109941

Summary for /modsec-full, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10         238.8        259.02        246.88       247.418     5.9640549
 latency (ms)
x  10        208.11        230.52        217.76       218.968     6.9131273

2017-02-28 (2)

Summary for /modsec-off, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10       38136.4      47561.79      44300.42     43351.954     2743.1755
 latency (ms)
x  10          1.07           1.4          1.19         1.206   0.099911072

Summary for /modsec-light, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10      10120.76       12979.9      12727.41     12290.594     891.67524
 latency (ms)
x  10          3.88          5.02          3.98         4.128    0.34726871

Summary for /modsec-full, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10        334.64        370.86        363.77       356.733     13.667706
 latency (ms)
x  10        142.49        158.27        147.04       148.176     5.8598297

2017-03-05

  • nginx: 1.11.10
  • ModSecurity: v3/dev/parser (8b8fd84)
  • ModSecurity-nginx: v3/dev/parser (9f6d3a7)
  • environment: 12-core KVM/libvirt VM on bare-metal server (Intel Xeon E5645 2.4GHz, 24 cores total)
  • configuration details:
      • nginx: worker_processes 6; worker_cpu_affinity 111111000000;
      • wrk: taskset -c 0-5 wrk -t6 -c600 -d30s (10 iterations)

Summary for /modsec-off, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10      87538.41      97062.44      93506.49      92832.83     2717.0839
 latency (ms)
x  10          6.22          6.88          6.49         6.508    0.21054427

Summary for /modsec-light, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10      27984.07      31588.76      31013.95     30484.634     1151.9494
 latency (ms)
x  10         18.98         21.57         20.06         20.01    0.81266366

Summary for /modsec-full, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10         164.5        251.93        181.79       191.226     28.760167
 latency (ms)
x  10        197.41        429.26        330.67       308.639     73.228166

The numbers for /modsec-off and /modsec-light with a multi-worker nginx setup are significantly better than in single-worker mode, but /modsec-full does not show any difference. Investigation showed that disabling the audit log (by setting SecAuditEngine Off) greatly improves overall performance with OWASP CRS v3.0.0 loaded:

Summary for /modsec-full, RPS (count):
    N           Min           Max        Median           Avg        Stddev
x  10        577.99        864.63        854.69       823.902      87.17359
 latency (ms)
x  10        633.42        730.81        646.95       654.834     28.487218

Further investigation showed that with SecAuditEngine RelevantOnly, only one CPU core (among the set of cores nginx is using according to worker_cpu_affinity) is 100% busy.

With SecAuditEngine Off, all cores that are being used by nginx are constantly busy.
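
The per-core pattern described above can be checked from two /proc/stat snapshots taken during a run. The script below is an added example, not part of the original wiki or of nginx/ModSecurity; the function names, the 90%/50% thresholds and the snapshot values are assumptions constructed for illustration, and the mask is read the way nginx documents worker_cpu_affinity (rightmost bit is CPU0).

```python
def mask_to_cores(mask):
    """nginx worker_cpu_affinity bitmask -> CPU indices (rightmost bit is CPU0)."""
    return [i for i, bit in enumerate(reversed(mask)) if bit == "1"]

def parse_proc_stat(text):
    """Return {core: (busy_jiffies, total_jiffies)} for every per-core 'cpuN' line."""
    cores = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("cpu") or fields[0] == "cpu":
            continue  # skip the aggregate 'cpu' line and non-CPU lines
        # user nice system idle iowait irq softirq steal (guest is already in user)
        vals = [int(v) for v in fields[1:9]]
        vals += [0] * (8 - len(vals))
        total = sum(vals)
        cores[int(fields[0][3:])] = (total - vals[3] - vals[4], total)
    return cores

def core_busy_percent(before, after, cores):
    """Busy percentage per core between two snapshots."""
    a, b = parse_proc_stat(before), parse_proc_stat(after)
    busy = {}
    for c in cores:
        d_busy, d_total = b[c][0] - a[c][0], b[c][1] - a[c][1]
        busy[c] = 100.0 * d_busy / d_total if d_total > 0 else 0.0
    return busy

def looks_serialized(busy, hot=90.0, cold=50.0):
    """True when exactly one core is saturated and all others are mostly idle."""
    hot_cores = [c for c, p in busy.items() if p >= hot]
    rest = [p for p in busy.values() if p < hot]
    return len(hot_cores) == 1 and all(p <= cold for p in rest)

def snapshot(rows):
    """Build constructed sample data in /proc/stat layout: {core: (user, system, idle)}."""
    return "\n".join(f"cpu{c} {u} 0 {s} {i} 0 0 0 0" for c, (u, s, i) in rows.items())

NGINX_CORES = mask_to_cores("111111000000")  # mask from the configuration above
BEFORE = snapshot({c: (1000, 500, 8500) for c in NGINX_CORES})
# Constructed: one hot core, five mostly idle (the RelevantOnly pattern).
AFTER_RELEVANT = snapshot({6: (1980, 510, 8510),
                           **{c: (1150, 550, 9300) for c in NGINX_CORES[1:]}})
# Constructed: all six cores busy (the Off pattern).
AFTER_OFF = snapshot({c: (1900, 560, 8540) for c in NGINX_CORES})

if __name__ == "__main__":
    for name, after in (("RelevantOnly", AFTER_RELEVANT), ("Off", AFTER_OFF)):
        busy = core_busy_percent(BEFORE, after, NGINX_CORES)
        print(name, {c: round(p) for c, p in busy.items()}, looks_serialized(busy))
```

On a live system, replace the constructed snapshots with two reads of /proc/stat taken a few seconds apart while wrk is running.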
