Nick Kew wrote:
On 29 May 2007, at 22:31, Marc Perkel wrote:
I'm running FC6 and added mod_security using the default rule set and
the load level on the system is about 5 times higher than without it.
I'm wondering what rule sets I might disable that would give me some
security without slowing the server down to a crawl. Could use some
practical advice.
What are you protecting? A jump that big suggests the possibility
that your
contents may be predominantly static. In which case, turn
mod_security off!
The really big performance hit with mod_security is if you scan request
and/or response bodies with it. And I can't see how you could
usefully apply
any default ruleset to that.
Probably people with older versions of php/mysql apps like phpbb that
are exploitable. Mostly protecting against request/post expliots rather
than filtering outgoing content.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
