Modsecurity generates a lot of disk io operations, and the file www-data-ip.pag is read and written continuously.
Is there any solution that can effectively reduce this? Could it be moved to RAM in some way?
Asked
Active
Viewed 107 times
0
AndreaF
- 205
- 1
- 8
1 Answers
1
You can use the https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#secdatadir directive, pointing to a previously created directory in ram:
mkdir -p /mnt/ramdisk/modsecurity
mount -t tmpfs -o size=1024m tmpfs /mnt/ramdisk/modsecurity
And
SecDataDir /mnt/ramdisk/modsecurity
(check permissions in that directory, that apache user can create files, etc) And remember to doing it permanent in /etc/fstab:
tmpfs /mnt/ramdisk/modsecurity tmpfs nodev,nosuid,noexec,nodiratime,size=1024M
The weird part is the "note" in the SecDataDir directive:
Note : SecDataDir is not currently supported. Collections are kept in memory (in_memory-per_process) for now.
Additional information (how to read the file, and some additional concurrency problems) can be seen in https://github.com/SpiderLabs/ModSecurity/issues/2240.
Felipe
- 51
- 4