Hi, I recently installed ModSecurity with CRS 2.2.2 (base rules only, paranoid mode set to off and SecResponseBodyAccess to off too) on a high traffic server and the CPU usage almost reached 100% while it's usually around 2 to 5% and I have no errors.
By disabling mod_security_crs_4[01]* rules (generic, xss, sqli) it's way better but not really useful :). Any clues? Does someone benchmark the rules before every release? Thanks. Rm4dillo
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
