My guess is that it is related to the initcol at the end of the 10 config file. This is used to setup the IP collection for other rules to use. While this is helpful, I think it is causing these types of perf issues on high traffic sites as it is forcing ModSec to create a persistent collection for ALL request.
Try commenting out the final initcol SecRule at the end of the 10 file and see if it helps. We will think of a better approach. Ryan On Oct 24, 2011, at 2:30 PM, "rm4dillo D" <[email protected]> wrote: > Hi, > > I recently installed ModSecurity with CRS 2.2.2 (base rules only, paranoid > mode set to off and SecResponseBodyAccess to off too) on a high traffic > server and the CPU usage almost reached 100% while it's usually around 2 to > 5% and I have no errors. > > By disabling mod_security_crs_4[01]* rules (generic, xss, sqli) it's way > better but not really useful :). > > Any clues? Does someone benchmark the rules before every release? > > Thanks. > > Rm4dillo > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
