Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: [ANNOUNCE] mod_security 1.5 released

Re: [ANNOUNCE] mod_security 1.5 released

From: Ivan Ristic <ivanr_at_webkreator.com>
Date: Tue, 03 Jun 2003 21:01:16 +0100

r e m a l . c o m wrote:
> hi, the features are wonderful...
> i installed the mod on one of the web servers, before the installion the
> load avrg was 1 to 2
> after installing mod_security, the load went crazy to something like 40 to
> 60 !

   Assuming it isn't a bug of some kind, you have to be careful
   with filters, especially if there are large POST payloads being
   transmitted.

   How many requests are you serving per second? Also, you should
   check whether you are still logging debug info, there is a *lot*
   of logging going on. That alone could bring your web server down
   to a crawl.

   To turn off debug logging simply comment the "SecFilterDebugLog"
   and "SecFilterDebugLevel" directives.

   Why don't you send me your configuration to my email address (or
   even better, to mod-security-users_at_lists.sourceforge.net) and we
   will take it from there?

Bye,
Ivan
Received on Jun 03 2003

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos