
Concurrency performance test results for Nginx with different ModSecurity versions on CentOS

王子 · Application Practice · 2021-04-09

This article covers concurrency performance tests on CentOS of Nginx with ModSecurity 2.9.3 and Nginx with ModSecurity 3.0.4, to observe the performance loss caused by the WAF.


Conclusion: if you want to use ModSecurity on Nginx, I personally recommend version 2.9.3.

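Latest conclusion (20220114): do not use ModSecurity V2 with Nginx. V2 has compatibility problems with Nginx, and the official team has stated explicitly that they will not be fixed.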


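Test environment:

1. Two virtual machines, each configured with 2 CPU cores, 1 GB of RAM and a 20 GB disk;

2. The VM at 192.168.142.134 runs Nginx+ModSecurity 2.9.3, and the VM at 192.168.142.136 runs Nginx+ModSecurity 3.0.4;

3. Nginx is a minimal, plain installation with no performance tuning, and the tests hit a static HTML page directly; the installation follows exactly the guides "Installing Nginx+ModSecurity (2.9.3) on CentOS and configuring WAF rule files" and "Installing Nginx+ModSecurity (3.0.x) on CentOS and configuring WAF rule files";

4. Three scenarios are tested: WAF disabled, WAF enabled with all rules configured, and WAF enabled with non-essential rules removed;

5. Each test uses a concurrency of 100 and 10000 total requests (ab -c 100 -n 10000 URL); each scenario is run 10 times and the best result is kept.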


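Results with the WAF disabled

With the WAF disabled, the VM at 192.168.142.134 reached a maximum QPS of 4190.11 and the VM at 192.168.142.136 a maximum of 4024.15; the two are evenly matched.

Detailed test data for the 192.168.142.134 VM: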

Server Software:        nginx/1.16.1
Server Hostname:        192.168.142.134
Server Port:            80

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   2.387 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      8450000 bytes
HTML transferred:       6120000 bytes
Requests per second:    4190.11 [#/sec] (mean)
Time per request:       23.866 [ms] (mean)
Time per request:       0.239 [ms] (mean, across all concurrent requests)
Transfer rate:          3457.66 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.4      0       3
Processing:     1   23   3.7     24      36
Waiting:        1   16   5.0     16      34
Total:          1   24   3.7     24      36

Percentage of the requests served within a certain time (ms)
  50%     24
  66%     26
  75%     27
  80%     27
  90%     27
  95%     29
  98%     31
  99%     33
 100%     36 (longest request)


Detailed test data for the 192.168.142.136 VM:

Server Software:        nginx/1.16.1
Server Hostname:        192.168.142.136
Server Port:            80

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   2.485 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      8450000 bytes
HTML transferred:       6120000 bytes
Requests per second:    4024.15 [#/sec] (mean)
Time per request:       24.850 [ms] (mean)
Time per request:       0.248 [ms] (mean, across all concurrent requests)
Transfer rate:          3320.71 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.5      0       3
Processing:     1   24   4.7     24      39
Waiting:        0   17   6.1     17      36
Total:          1   25   4.7     24      39

Percentage of the requests served within a certain time (ms)
  50%     24
  66%     26
  75%     28
  80%     29
  90%     31
  95%     33
  98%     35
  99%     36
 100%     39 (longest request)



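Results with the WAF enabled and all rules configured

With the WAF enabled and all rules configured, the 192.168.142.134 VM (Nginx+ModSecurity 2.9.3) reached a maximum QPS of 1092.41 and the 192.168.142.136 VM (Nginx+ModSecurity 3.0.4) a maximum of 419.95; the difference is significant.

Detailed test data for the 192.168.142.134 VM (Nginx+ModSecurity 2.9.3):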

Server Software:        nginx/1.16.1
Server Hostname:        192.168.142.134
Server Port:            80

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   9.154 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      8450000 bytes
HTML transferred:       6120000 bytes
Requests per second:    1092.41 [#/sec] (mean)
Time per request:       91.541 [ms] (mean)
Time per request:       0.915 [ms] (mean, across all concurrent requests)
Transfer rate:          901.45 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   1.0      1      17
Processing:    15   90  15.6     88     176
Waiting:        1   62  26.3     64     155
Total:         16   91  15.6     89     176

Percentage of the requests served within a certain time (ms)
  50%     89
  66%     93
  75%     97
  80%     99
  90%    110
  95%    118
  98%    137
  99%    140
 100%    176 (longest request)


Detailed data for the 192.168.142.136 VM (Nginx+ModSecurity 3.0.4):

Server Software:        nginx/1.16.1
Server Hostname:        192.168.142.136
Server Port:            80

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   23.812 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      8450000 bytes
HTML transferred:       6120000 bytes
Requests per second:    419.95 [#/sec] (mean)
Time per request:       238.123 [ms] (mean)
Time per request:       2.381 [ms] (mean, across all concurrent requests)
Transfer rate:          346.54 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   1.5      1      17
Processing:   130  235  15.0    237     287
Waiting:       23  233  19.3    237     287
Total:        131  236  14.9    239     289

Percentage of the requests served within a certain time (ms)
  50%    239
  66%    241
  75%    242
  80%    243
  90%    246
  95%    249
  98%    257
  99%    261
 100%    289 (longest request)


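Results with the WAF enabled but non-essential rules removed

After deleting rule files 903.*, 934, 944, 952 and 954, the 192.168.142.134 VM (Nginx+ModSecurity 2.9.3) reached a maximum QPS of 1264.68, a slight increase over the full rule set; the 192.168.142.136 VM (Nginx+ModSecurity 3.0.4) reached a maximum of 418.37, with no improvement at all.

Detailed test data for the 192.168.142.134 VM (Nginx+ModSecurity 2.9.3):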

Server Software:        nginx/1.16.1
Server Hostname:        192.168.142.134
Server Port:            80

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   7.907 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      8450000 bytes
HTML transferred:       6120000 bytes
Requests per second:    1264.68 [#/sec] (mean)
Time per request:       79.071 [ms] (mean)
Time per request:       0.791 [ms] (mean, across all concurrent requests)
Transfer rate:          1043.61 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   0.9      1      19
Processing:    28   78  15.8     76     140
Waiting:        2   57  22.2     60     134
Total:         28   78  15.9     77     141

Percentage of the requests served within a certain time (ms)
  50%     77
  66%     81
  75%     84
  80%     87
  90%     99
  95%    108
  98%    121
  99%    131
 100%    141 (longest request)


Detailed test data for the 192.168.142.136 VM (Nginx+ModSecurity 3.0.4):

Server Software:        nginx/1.16.1
Server Hostname:        192.168.142.136
Server Port:            80

Document Path:          /
Document Length:        612 bytes

Concurrency Level:      100
Time taken for tests:   23.902 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      8450000 bytes
HTML transferred:       6120000 bytes
Requests per second:    418.37 [#/sec] (mean)
Time per request:       239.022 [ms] (mean)
Time per request:       2.390 [ms] (mean, across all concurrent requests)
Transfer rate:          345.24 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   1.3      1      17
Processing:   138  235  24.1    233     406
Waiting:        2  229  38.1    232     405
Total:        139  237  24.0    234     407

Percentage of the requests served within a certain time (ms)
  50%    234
  66%    237
  75%    239
  80%    241
  90%    247
  95%    266
  98%    312
  99%    342
 100%    407 (longest request)
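
The "10 runs, keep the best" procedure from the test environment list and the throughput cost of the WAF implied by the results above can be scripted as follows. This is an added example, not code from the original article; it assumes ApacheBench (ab) is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes ApacheBench (ab)
# is installed; all function names below are hypothetical.

# Extract the "Requests per second" figure from one ab report on stdin.
ab_rps() {
    awk '/^Requests per second:/ { print $4; found = 1 }
         END { exit !found }'
}

# Print the largest of the numeric arguments, two decimals like ab.
best_of() {
    printf '%s\n' "$@" |
        awk 'NR == 1 || $1 + 0 > max { max = $1 + 0 }
             END { printf "%.2f\n", max }'
}

# Share of baseline throughput lost once the WAF is enabled, in percent.
qps_loss_pct() {   # usage: qps_loss_pct BASELINE_QPS WAF_QPS
    awk -v base="$1" -v waf="$2" 'BEGIN {
        if (base + 0 <= 0) exit 1
        printf "%.1f\n", (base - waf) / base * 100
    }'
}

# Repeat the article's ab run and keep the best QPS (default: 10 runs).
bench_best() {     # usage: bench_best URL [RUNS]
    url=$1; runs=${2:-10}; best=0; i=0
    while [ "$i" -lt "$runs" ]; do
        rps=$(ab -c 100 -n 10000 "$url" 2>/dev/null | ab_rps) || return 1
        best=$(best_of "$best" "$rps")
        i=$((i + 1))
    done
    echo "$best"
}

# Best QPS figures reported in the article: no WAF vs. full rule set.
echo "2.9.3 loss: $(qps_loss_pct 4190.11 1092.41)%"   # 73.9
echo "3.0.4 loss: $(qps_loss_pct 4024.15 419.95)%"    # 89.6
```

Comparing each WAF run against the baseline of the same VM keeps the small difference between the two hosts out of the result.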

