ModSecurity Trustwave
This blog has moved! Please update your
bookmarks to

ModSecurity Blog: December 2005

Massive performance improvements for Apache 1.x users in ModSecurity 1.9.2-rc2

Some ModSecurity users like to run really large rule sets, where the number of rules runs into thousands. (No, I don't think ModSecurity should be used with such large rule sets but I'll talk about that some other time.) But there is a problem. Where Apache 2.x relies on PCRE ( for regular expression processing, Apache 1.x uses a much slower internal regex library. And when I say much slower I mean several times slower. Slower speed in the Apache 1.x branch is not a problem for normal use but it is a problem when there are many rules to process on every request.

The most recent release of ModSecurity, 1.9.2-rc2, makes it possible to compile ModSecurity against PCRE even if you are an Apache 1.x user, thus gaining the same regex processing speed as the Apache 2.x users.

In other news, it is now also possible to disable process creation through suEXEC (compile with -DDISABLE_SUEXEC).

ModSecurity 1.9 article on O'Reilly Network

My article ("What's New in ModSecurity"), which describes the most important improvements in 1.9, has just been published on O'Reilly Network. It covers the rule engine enhancements, real-time audit log aggregation facilities, and the stateful request monitoring features. It's a good read if you've been running 1.8.x and want to catch-up.


November 2010
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30


Atom Feed



Recent Entries