I was looking at all the owasp rules for mod_security. How badly does it slow your loading time down if you use them all?
What would be the recommended packages to use? I want to mostly block bad UA, SQL and XSS attacks.
Asked
Active
Viewed 188 times
0
-
It's up to *you* to benchmark this on *your* system if you want any meaningful information. – John Gardeniers Oct 31 '12 at 06:36
1 Answers
1
I went through adding the rules from the Core Rule Set in one at a time and watching closely for false positives. Plenty of the SQL and XSS rules cause false positives, depending on what your URLs look like.
As for slowing down the page loads, the audit log has timing information but I've not yet seen a whole millisecond caused by mod_security. I wouldn't worry too much about that.
As John said, both of these result may be different on your systems with your website.
Ladadadada
- 25,847
- 7
- 57
- 90
-
So the real issue will mostly be false positives then time loads. – Thompson Smith Oct 31 '12 at 15:34