Apache performance test with and without modsecurity
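Reference A: Today I ran a concurrency test against a web server running Apache 2.0.55. The test tool was ab, which ships with Apache; its full name is Apache HTTP server benchmarking tool.
The main purpose of this test was to see how adding modsecurity affects the system and the pages.
Test machine: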
[root@ apache2]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 0
siblings : 2
runqueue : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02
processor : 1
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 0
siblings : 2
runqueue : 0
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02
processor : 2
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 3
siblings : 2
runqueue : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02
processor : 3
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Xeon(TM) CPU 2.40GHz
stepping : 9
cpu MHz : 2392.090
cache size : 512 KB
physical id : 3
siblings : 2
runqueue : 2
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm
bogomips : 4771.02
[root@ apache2]#
[root@ proc]# cat meminfo
total: used: free: shared: buffers: cached:
Mem: 1049460736 974082048 75378688 0 144801792 554790912
Swap: 2097434624 159117312 1938317312
MemTotal: 1024864 kB
MemFree: 73612 kB
MemShared: 0 kB
Buffers: 141408 kB
Cached: 519308 kB
SwapCached: 22480 kB
Active: 578528 kB
ActiveAnon: 390320 kB
ActiveCache: 188208 kB
Inact_dirty: 114164 kB
Inact_laundry: 19136 kB
Inact_clean: 15672 kB
Inact_target: 145500 kB
HighTotal: 130496 kB
HighFree: 25924 kB
LowTotal: 894368 kB
LowFree: 47688 kB
SwapTotal: 2048276 kB
SwapFree: 1892888 kB
CommitLimit: 2560708 kB
Committed_AS: 1342084 kB
HugePages_Total: 0
HugePages_Free: 0
Hugepagesize: 2048 kB
[root@ proc]#
Test commands and method:
First disable the modsecurity module, then run the following command:
[root@ bin]# ab -n 10000 -c 1000 127.0.0.1:80/5/index.php?customerid=1%20or%20customerid=2
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.121.2.1 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking 127.0.0.1 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests
Server Software: Apache/2.0.55
Server Hostname: 127.0.0.1
Server Port: 80
Document Path: /5/index.php?customerid=1%20or%20customerid=2
Document Length: 44 bytes
Concurrency Level: 1000
Time taken for tests: 149.2233 seconds
Complete requests: 10000
Failed requests: 716
(Connect: 0, Length: 716, Exceptions: 0)
Write errors: 0
Total transferred: 2456828 bytes
html transferred: 606112 bytes
Requests per second: 67.11 [#/sec] (mean)
Time per request: 14900.223 [ms] (mean)
Time per request: 14.900 [ms] (mean, across all concurrent requests)
Transfer rate: 16.10 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 14 209.1 0 3000
Processing: 72 13764 3053.4 15179 21170
Waiting: 34 8258 3933.4 9105 21136
Total: 72 13779 3052.1 15179 21170
Percentage of the requests served within a certain time (ms)
50% 15179
66% 15187
75% 15190
80% 15195
90% 15209
95% 15219
98% 18171
99% 21152
100% 21170 (longest request)
[root@ bin]#
Test after enabling modsecurity:
[root@ bin]# ab -n 10000 -c 10000 127.0.0.1:80/5/index.php?customerid=1%20or%20customerid=2
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.121.2.1 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking 127.0.0.1 (be patient)
socket: Too many open files (24)
[root@yjjgdb bin]# ab -n 10000 -c 1000 127.0.0.1:80/5/index.php?customerid=1%20or%20customerid=2
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.121.2.1 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/
Benchmarking 127.0.0.1 (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests
Server Software: Apache/2.0.55
Server Hostname: 127.0.0.1
Server Port: 80
Document Path: /5/index.php?customerid=1%20or%20customerid=2
Document Length: 44 bytes
Concurrency Level: 1000
Time taken for tests: 143.486268 seconds
Complete requests: 10000
Failed requests: 813
(Connect: 0, Length: 813, Exceptions: 0)
Write errors: 0
Total transferred: 2479429 bytes
HTML transferred: 628616 bytes
Requests per second: 69.69 [#/sec] (mean)
Time per request: 14348.627 [ms] (mean)
Time per request: 14.349 [ms] (mean, across all concurrent requests)
Transfer rate: 16.87 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 14 204.8 0 2999
Processing: 91 13726 2907.0 15220 18185
Waiting: 39 8043 3939.4 9106 15250
Total: 91 13740 2904.5 15220 18253
Percentage of the requests served within a certain time (ms)
50% 15220
66% 15236
75% 15241
80% 15245
90% 15261
95% 15269
98% 15292
99% 15297
100% 18253 (longest request)
[root@ bin]#
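Judging from the data above, there is basically not much difference. I am very satisfied with this result; it gives me firmer confidence to finish writing this document :)
This answer was accepted by the asker and other users.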
ModSecurity Whitelisting for specific uri
Posted: 2022-01-09 14:14:22
Question:
I have set up Apache2 + PHP5 on CentOS 7.
Some PHP scripts of my web application accept a UUID as a GET parameter, which violates the ModSecurity URI patterns.
I want to set up ModSecurity to bypass the security checks for specific URIs. How can I do that?
Thanks!
Answer 1: You can create an exclusion rule like this:
SecRule REQUEST_FILENAME "@endsWith /dir/script.php" \
"id:1000,\
phase:2,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveTargetById=932130;ARGS:get_or_post_parameter,\
ctl:ruleRemoveTargetById=941100;ARGS:get_or_post_parameter,\
ctl:ruleRemoveTargetById=932130;ARGS:get_or_post_parameter2"
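Set your URI in the first line, and add the exclusions as pairs of rule ID and GET/POST parameter name at the end of the rule (as in the example above). Finally, put the rule in the file REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.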
Comments:
Problem solved. Thanks!
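A narrower variant of the exclusion in Answer 1, as an added example that is not part of the original thread: the rule targets are removed only when the request carries exactly one `uuid` argument whose value is a well-formed UUID, so any other value in that parameter is still inspected by the rule set. The parameter name `uuid`, the path `/dir/script.php` and the rule id 1000 are assumptions; 932130 and 941100 are the rule IDs taken from the answer.

```apache
# Added example (not from the original answer).
# Assumptions: script path /dir/script.php, parameter name "uuid",
# local rule id 1000. Place in REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
# so it runs before the rules it adjusts.
#
# Disabling the engine for the whole URI (ctl:ruleEngine=Off) would drop
# all inspection of that script; the chain below keeps the exclusion to
# one parameter and only while its value has the expected shape.

SecRule REQUEST_FILENAME "@endsWith /dir/script.php" \
    "id:1000,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    chain"
    # Exactly one "uuid" argument across GET and POST. A repeated
    # parameter fails this check, so no exclusion is applied.
    SecRule &ARGS:uuid "@eq 1" \
        "t:none,\
        chain"
        # Value must be a canonical 8-4-4-4-12 hexadecimal UUID.
        SecRule ARGS:uuid "@rx ^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$" \
            "t:none,\
            ctl:ruleRemoveTargetById=932130;ARGS:uuid,\
            ctl:ruleRemoveTargetById=941100;ARGS:uuid"
```

The `ctl` actions sit in the last rule of the chain so they run only when all three conditions match; a request to the same script with a malformed or duplicated `uuid` is evaluated with rules 932130 and 941100 fully in place.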