apache2安装了mod-security2，如何能查看是不是生效

Posted 2023-03-21

参考技术A 今天针对apache 2.0.55的web服务器进行了一次并发的测试.使用的测试工具就是ab .
这个软件就是apache自己带的软件全名叫- Apache HTTP server benchmarking tool.
这次测试的主要目的就是看在加入了modsecurity后.对系统和页面的影响.
测试设备:
[root@ apache2]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 0
siblings : 2
runqueue : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02

processor : 1
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 0
siblings : 2
runqueue : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02

processor : 2
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 3
siblings : 2
runqueue : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02

processor : 3
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 3
siblings : 2
runqueue : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02

[root@ apache2]#

[root@ proc]# cat meminfo
total: used: free: shared: buffers: cached:
Mem: 1049460736 974082048 75378688 0 144801792 554790912
Swap: 2097434624 159117312 1938317312
MemTotal: 1024864 kB
MemFree: 73612 kB
MemShared: 0 kB
Buffers: 141408 kB
Cached: 519308 kB
SwapCached: 22480 kB
Active: 578528 kB
ActiveAnon: 390320 kB
ActiveCache: 188208 kB
Inact_dirty: 114164 kB
Inact_laundry: 19136 kB
Inact_clean: 15672 kB
Inact_target: 145500 kB
HighTotal: 130496 kB
HighFree: 25924 kB
LowTotal: 894368 kB
LowFree: 47688 kB
SwapTotal: 2048276 kB
SwapFree: 1892888 kB
CommitLimit: 2560708 kB
Committed_AS: 1342084 kB
HugePages_Total: 0
HugePages_Free: 0
Hugepagesize: 2048 kB
[root@ proc]#
测试命令以及方法:
事先关闭modsecurity 模块.然后执行下面语句:
[root@ bin]# ab -n 10000 -c 1000 \ 127.0.0.1:80/5/index.php?customerid=1%20or%20customerid=2

This is ApacheBench, Version 2.0.40-dev <$Revision: 1.121.2.1 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests

Server Software: Apache/2.0.55
Server Hostname: 127.0.0.1
Server Port: 80

Document Path: /5/index.php?customerid=1%20or%20customerid=2
Document Length: 44 bytes

Concurrency Level: 1000
Time taken for tests: 149.2233 seconds
Complete requests: 10000
Failed requests: 716
(Connect: 0, Length: 716, Exceptions: 0)
Write errors: 0
Total transferred: 2456828 bytes
html transferred: 606112 bytes
Requests per second: 67.11 [#/sec] (mean)
Time per request: 14900.223 [ms] (mean)
Time per request: 14.900 [ms] (mean, across all concurrent requests)
Transfer rate: 16.10 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 14 209.1 0 3000
Processing: 72 13764 3053.4 15179 21170
Waiting: 34 8258 3933.4 9105 21136
Total: 72 13779 3052.1 15179 21170

Percentage of the requests served within a certain time (ms)
50% 15179
66% 15187
75% 15190
80% 15195
90% 15209
95% 15219
98% 18171
99% 21152
100% 21170 (longest request)
[root@ bin]#

加入modsecurity 后进行的测试:

[root@ bin]# ab -n 10000 -c 10000 \ 127.0.0.1:80/5/index.php?customerid=1%20or%20customerid=2

This is ApacheBench, Version 2.0.40-dev <$Revision: 1.121.2.1 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient)
socket: Too many open files (24)
[root@yjjgdb bin]# ab -n 10000 -c 1000 127.0.0.1:80/5/index.php?customerid=1%20or%20customerid=2
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.121.2.1 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests

Server Software: Apache/2.0.55
Server Hostname: 127.0.0.1
Server Port: 80

Document Path: /5/index.php?customerid=1%20or%20customerid=2
Document Length: 44 bytes

Concurrency Level: 1000
Time taken for tests: 143.486268 seconds
Complete requests: 10000
Failed requests: 813
(Connect: 0, Length: 813, Exceptions: 0)
Write errors: 0
Total transferred: 2479429 bytes
HTML transferred: 628616 bytes
Requests per second: 69.69 [#/sec] (mean)
Time per request: 14348.627 [ms] (mean)
Time per request: 14.349 [ms] (mean, across all concurrent requests)
Transfer rate: 16.87 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 14 204.8 0 2999
Processing: 91 13726 2907.0 15220 18185
Waiting: 39 8043 3939.4 9106 15250
Total: 91 13740 2904.5 15220 18253

Percentage of the requests served within a certain time (ms)
50% 15220
66% 15236
75% 15241
80% 15245
90% 15261
95% 15269
98% 15292
99% 15297
100% 18253 (longest request)
[root@ bin]#

从上面的数据来看基本上是没有太多的区别.这个结果叫我感觉非常满意.能够叫我有更坚定的信心来写完这个文档了:)

我需要使用 HTTP2 安装/启用 ALPN 吗？如何为 apache2 ubuntu 16.04 做呢？

【中文标题】我需要使用 HTTP2 安装/启用 ALPN 吗？如何为 apache2 ubuntu 16.04 做呢？

【英文标题】：Do I need to install/enable ALPN with HTTP2? How to do it for apache2 ubuntu 16.04?

【发布时间】：2017-06-03 05:58:47

【问题描述】：

我刚刚在我的 ubuntu 16.04 服务器上启用了 http2。当我在https://tools.keycdn.com/http2-test 上运行测试时，它会验证 http2 是否受支持，但也会发出“不支持 ALPN”的警告。

我真的需要 ALPN 来获得 http2 的好处吗？如果是，我该如何安装它？我找不到安装/启用/激活 ALPN 的方法。

【参考方案1】：

Chrome 要求 ALPN 用于 HTTPS，因为它已经贬低了其前身 (NPN)：https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/

我相信（目前）其他浏览器仍然支持使用 NPN 的 HTTP/2。

要使用 ALPN，您需要使用 OpenSSL 1.0.2 或更高版本编译您的网络服务器。根据上面的链接，Ubuntu 16.04 确实支持这个。

【讨论】：

我在 16.04 上使用 apt-get install apache2 安装了 apache，但测试显示不支持 ALPN。是否有命令检查服务器本身？

看起来 Ubuntu 还不支持 Apache 上的 HTTP/2 (wiki.ubuntu.com/XenialXerus/…) 那么您是如何启用它的呢？

是的，你是对的。 Ubuntu 还不支持 HTTP/2。我在 SO ***.com/a/37865176/1325686

上使用此答案安装

当您重新启动时，您在错误 og 中看到了什么，因为它应该显示 openssl 版本？您是否尝试过“sudo apt-get update && sudo apt-get upgrade”来安装所有最新更新？