We are using:
Nginx version 1.12.2
openssl-1.1.0g
Nginx- Modsecurity 3.0
owasp-modsecurity-crs-3.0-master (Core Rule Set)
We are using nginx and the load average is shooting up to more than 1 with 2 cores for 50 domains.
Hi,
Can you confirm if you are using the latest codebase for libModSecurity (i.e. the current release)?
If yes, check if the issue persists with the current v3/dev/performance branch. This branch has a number of performance improvements which are currently being tested and might help with the issue you're facing.
I've been evaluating libModSecurity and getting poor performance / high cpu load using a build of v3/master and the owasp crs.
Just made a build from v3/dev/performance and it's performing wonderfully.
I've just been seeing this too, 100% cpu usage when enabling CRS on nginx for a single request! Do we know when/if the fixes in v3/dev/performance will make it into master @victorhora ?
I'm getting the following error with the build from v3/dev/performance branch on centos 7:
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf. Line: 169. Column: 390. Invalid variable: MULTIPART_SEMICOLON_MISSING},\ in /etc/nginx/conf.d/default.conf:9
nginx: configuration file /etc/nginx/nginx.conf test failed
nginx: v1.13.0
CRS: v3.0.2
@edieship take a look at this one: https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/995
You should apply the patch from that PR to your CRS.
@defanator Thanks!
Hey @edieship you might be interested in https://github.com/kubernetes/ingress-nginx/pull/1996 - basically we had this problem on the ingress nginx.
I found a specific version of modsecurity + owasp CRS that worked (check the changed files).
@Stono, thanks a lot, that works.
I've been evaluating libModSecurity and getting poor performance / high cpu load using a build of v3/master and the owasp crs.
Just made a build from v3/dev/performance and it's performing wonderfully.
I cannot find this branch.
I still face the issue. I have 98 sites hosted on my server (most of the content is CDN + static). Turning on modsecurity will make nginx reach 100% CPU.
root 2649 0.0 45.8 1949448 1825280 ? Ss 11:07 0:00 nginx: master process /usr/sbin/nginx
nginx 2650 0.0 45.9 1950956 1827908 ? S 11:07 0:00 nginx: worker process
nginx 2653 0.0 45.9 1950956 1827908 ? S 11:07 0:00 nginx: worker process
I'm using the latest modules:
https://github.com/SpiderLabs/ModSecurity - v3/master
https://github.com/SpiderLabs/ModSecurity-nginx.git
https://github.com/SpiderLabs/owasp-modsecurity-crs.git
Turning off the modsecurity inside nginx's conf files ("modsecurity off;") will work perfectly.
Also, "nginx -t" or "nginx reload" takes lots of time when modsecurity is enabled.
Ideas?
nginx/1.17.9 modsecurity-nginx-v1.0.0 modsecurity-v3.0.3 owasp-modsecurity-crs-3.2.0
The worker process is at 100% CPU.