Is there a way to check how much time to go over all rules in modsecurity

Question

Is there a way to check how much time to go over all rules in modsecurity

jingzhao-self opened this issue 2 years ago · 2 comments

Hi team,
Right now I have some performance issues after modsecurity is on, and don't know how to get process time of modsecurity rules on each http request, is there a way to show it?
I have checked $request_time in nginx log but it seems not include modsecurity process time.
Thanks

Answer 1 · 2022-08-25T07:50:22.000Z

May be it can help (and may be cannot), there is a tool: ftwrunner (there is a beta version of new release).

It uses the test case format of CRS. With this, you can make a request in that format, and can measure the runtime. Also you can remove rules, if you are sure those aren't effected.

Answer 2 · 2022-08-30T21:05:47.000Z

Hello @jingzhao-self ,

WIth ModSecurity v3, there are a few options, one of the simplest is using the DURATION variable. Outputting that value at selected points in your rule set can help narrow down where your most substantial performance issues are.

Another tool (besides the one already mentioned above) that you could consider experimenting with is referenced here: owasp-modsecurity/ModSecurity#1011 (comment)