{"id":16389059,"url":"https://github.com/defanator/modsecurity-performance","last_synced_at":"2025-03-21T02:31:48.372Z","repository":{"id":147154779,"uuid":"83456301","full_name":"defanator/modsecurity-performance","owner":"defanator","description":"Vagrant-based configurations intended for ModSecurity performance testing","archived":false,"fork":false,"pushed_at":"2023-12-08T12:32:46.000Z","size":806,"stargazers_count":27,"open_issues_count":0,"forks_count":3,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-10-12T04:31:11.779Z","etag":null,"topics":["benchmarking","benchmarks","modsecurity","nginx","performance","performance-testing"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/defanator.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-02-28T16:44:09.000Z","updated_at":"2023-12-07T03:51:07.000Z","dependencies_parsed_at":"2023-12-08T13:42:50.317Z","dependency_job_id":null,"html_url":"https://github.com/defanator/modsecurity-performance","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defanator%2Fmodsecurity-performance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defanator%2Fmodsecurity-performance/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defanator%2Fmodsecurity-performance/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/defanator%2Fmodsecurity-performance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/defanator","download_url":"https://codeload.github.com/defanator/modsecurity-performance/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221811386,"owners_count":16884305,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["benchmarking","benchmarks","modsecurity","nginx","performance","performance-testing"],"created_at":"2024-10-11T04:31:04.246Z","updated_at":"2024-10-28T09:09:49.304Z","avatar_url":"https://github.com/defanator.png","language":"Python","readme":"# About\n\nThis repository contains a number of configurations (represented\nin SaltStack states and Vagrantfile descriptions) that can be used\nto test performance of\n[ModSecurity](https://github.com/SpiderLabs/ModSecurity)\nwith various connectors, primarily\n[ModSecurity-nginx](https://github.com/SpiderLabs/ModSecurity-nginx).\n\n## Prerequisites\n\n * [Vagrant](https://www.vagrantup.com/)\n * your favorite virtualization plug-in for Vagrant\n\n[VirtualBox](https://www.virtualbox.org/)\nis known to work on MacOS/Linux-based laptops, while\n[KVM/libvirt](https://github.com/vagrant-libvirt/vagrant-libvirt)\nis probably the best choice for servers.\n\n## How to use\n\n1. Adjust\n[pillars/versions.sls](https://github.com/defanator/modsecurity-performance/blob/master/pillars/versions.sls)\nif you want to build some custom versions/revisions/branches\nof either ModSecurity or ModSecurity-nginx.\n\n2. Prepare VM (could take some time as this step includes\ncompilation of all the prerequisites required for testing:\nlibmodsecurity and ModSecurity-nginx connector module):\n\n    ```\n    vagrant up\n    ```\n\n    For the reference:\n\n    * on libvirt-based 12-core VM (backed by bare-metal server with 24-core\nXeon E5645 2.4Ghz) provisioning takes about 7 minutes\n    * on VirtualBox-based 2-core VM (backed by early 2015 MBP A1502 2-core\ni5 2.9GHz) provisioning takes about 8.5 minutes\n\n3. Log in into the VM:\n\n    ```\n    vagrant ssh\n    ```\n\n4. Run a set of performance tests and get a summary:\n\n    ```\n    vagrant@vagrant:~$ sudo su -l test\n    test@vagrant:~$ ./perfrun.sh run\n    test@vagrant:~$ ./perfrun.sh stats\n    ```\n\n## What is being tested\n\nCurrently three locations are being benchmarked on locally configured\nnginx instance:\n\n* `/modsec-off/` - proxies all requests to local server with no additional\nprocessing\n\n* `/modsec-light/` - proxies all requests to local server with libmodsecurity\nturned on, but without any actual rules\n\n* `/modsec-full/` - proxies all requests to local server with libmodsecurity\nturned on and full OWASP CRS v3 loaded\n\nPlease refer to the [nginx.conf](https://github.com/defanator/modsecurity-performance/blob/master/states/files/etc/nginx/nginx.conf)\nfor the details.\n\n## Batch benchmarking\n\nIf you want to run benchmark for a particular subset of libmodsecurity\nchangesets, this can be done in a following way:\n\n    test@vagrant:~$ cat batchbench.revs \n    10c4f9b1b2476f71159fa5569d9238001760404c\n    9e9db08b874fe7c1200aafd95fe6bccd41148ae5\n    fa7973a4ef99b0d91122d16ffee51744288d037f\n    2988c5bb07c4a5ad434855413f20fec11008c818\n    63bef3d142b2ae25ed42d344c40729fb5f3d552e\n    d9d702f401c870bf399d8cd5bc4ae212c7d52195\n\n    test@vagrant:~$ ./batchbench.sh run\n    [..]\n\n    test@vagrant:~$ ./batchbench.sh stats\n    ;rps_avg,latency_avg,workers_utime_avg,revision,date,commit_log\n    530.57,787.49,17869.33,10c4f9b1b2476f71159fa5569d9238001760404c,2017-08-19 10:21:57 +0300,add a test for macro expansion in @rx\n    533.27,719.25,17855.33,9e9db08b874fe7c1200aafd95fe6bccd41148ae5,2017-08-19 11:16:54 +0300,add @rx macro expansion test to list in Makefile\n    29.81,1562.69,17968.00,fa7973a4ef99b0d91122d16ffee51744288d037f,2017-10-06 20:32:40 +0000,Removes a regex optimization added at #1536\n    28.26,1528.49,17946.33,2988c5bb07c4a5ad434855413f20fec11008c818,2017-10-06 20:35:09 +0000,CHANGES: add info about #1536\n    28.64,1495.39,17951.00,63bef3d142b2ae25ed42d344c40729fb5f3d552e,2017-10-03 20:50:02 +0000,Support to JSON stuff on serial logging\n    633.89,680.80,17829.33,d9d702f401c870bf399d8cd5bc4ae212c7d52195,2018-01-03 09:49:20 -0300,Fix the debuglogs for the regression tests\n\nBuild logs and raw wrk output will be in the `batch/` directory.\nPlease note that `batchbench.sh` uses separate script for launching wrk -\n[batchperfrun.sh](https://github.com/defanator/modsecurity-performance/blob/master/states/files/batchperfrun.sh)\n(e.g. it uses extended request with additional headers, it only tests `/modsec-full` location,\nand finally it uses more threads/connections for wrk).\n\n## Important notes\n\nPlease adjust nginx configuration and wrk parameters according to your environment and available resources.\nDefault values (like `worker_processes 1` in nginx.conf) most likely won't meet your expectations in some scenarios.\n\n## Sample results\n\nAvailable on [wiki](https://github.com/defanator/modsecurity-performance/wiki).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefanator%2Fmodsecurity-performance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdefanator%2Fmodsecurity-performance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdefanator%2Fmodsecurity-performance/lists"}