Skip to main content

Performance of mod_security2, mod_unique_id, and modsec2-rules-owasp-crs

Comments

2 comments

  • andrew.n
    I think mod_security could definitely help as it can prevent malicious codes to be run while CSF is more protecting you from attacks and brute forces so both have different use. You can of course install and activate different ruleset so it's not a must to you owasp. If you use strong passwords, make sure your CMS are up to date, maybe utilise even WorldFence then you might be able to get rid of mod security. If I can ensure my scripts/softwares are up to date and modsec influence my performance I would happily get rid of it :)
    0
  • cPRex Jurassic Moderator
    CSF and ModSecurity definitely perform different functions, so I wouldn't base the decision on both of these being present. I would try this: make sure your site code is up to date and do a series of tests, both with and without ModSec enabled. This will let you know if you see a performance hit on your machine. I'm not sure it's fair to say overall that *every* server will have a noticeable performance change with or without ModSec running, so it's best to check this in real-time on the actual machine in question. That will give you the best results possible, and then you'll have real data to back up your choice.
    0

Please sign in to leave a comment.