ModSecurity Breach

ModSecurity Blog

« ModSecurity 1.9 article on O'Reilly Network | Main | ModSecurity Rules subproject added »

Massive performance improvements for Apache 1.x users in ModSecurity 1.9.2-rc2

Some ModSecurity users like to run really large rule sets, where the number of rules runs into thousands. (No, I don't think ModSecurity should be used with such large rule sets but I'll talk about that some other time.) But there is a problem. Where Apache 2.x relies on PCRE (http://www.pcre.org) for regular expression processing, Apache 1.x uses a much slower internal regex library. And when I say much slower I mean several times slower. Slower speed in the Apache 1.x branch is not a problem for normal use but it is a problem when there are many rules to process on every request.

The most recent release of ModSecurity, 1.9.2-rc2, makes it possible to compile ModSecurity against PCRE even if you are an Apache 1.x user, thus gaining the same regex processing speed as the Apache 2.x users.

In other news, it is now also possible to disable process creation through suEXEC (compile with -DDISABLE_SUEXEC).

Calendar

November 2010
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30

Feeds

Atom Feed

Search

Categories

Recent Entries

Archives