Performance numbers with CRS 4.0 #842
Replies: 3 comments
-
|
Hey! Thanks for your report I think we should provide build tags to select between multiple regex engines, including go-re2, and maybe even intel's hyperscan. Also we should do some research on re2 to check if it can be improved. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks Juan, any numbers we have with crs 4.0 which help me understand nothing is incorrect in my test. I agree cgo interface is a challenge. Will check wsailibs .. they seem to be seem early stage A quick question do we keep regex compiled patterns in rules .. regexp.MustCompile and used that compiled pattern during match - (sorry I am still in path fimilarity with this code so can an obvious yes :)) |
Beta Was this translation helpful? Give feedback.
-
|
Wasilibs uses cgo for compilation mechanics when it comes to use a static
library but everything runs on wasm so I suggest you try it cc @anuraaga
…On Sun, 9 Jul 2023, 19:34 Mohit Joshi, ***@***.***> wrote:
Thanks Juan, any numbers we have with crs 4.0 which help me understand
nothing is incorrect in my test.
I agree cgo interface is a challenge. Will check wsailibs .. they seem to
be seem early stage
https://www.nightfall.ai/blog/best-go-regex-library -- seems interesting
article but again it will be cgo based (in cgo we had seen the golang
thread is handed over to cgo and slow matching creates a golang thread
storm -- there are ways to control it but is a problem
A quick question do we keep regex compiled patterns in rules ..
regexp.MustCompile and used that compiled pattern during match - (sorry I
am still in path fimilarity with this code so can an obvious yes :))
—
Reply to this email directly, view it on GitHub
<#842 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXOYAVTAZWM7WQT6F5ACCDXPLTR5ANCNFSM6AAAAAA2DPPP5E>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
I did a quick performance test -- numbers do not seem great. Wanted to check anyone done or fundamentally missing something here or doing incorrect. Or suggestions on how the performance test has been done on this or anyway off determining the offending regex which may be causing this
I am running a test which is generating traffic at the rate of 10 transactions per second for 60 seconds. The data is json data of 2k
(data pasted at the bottom has good number of json nested parameters).
Took a profiling sample of 15 seconds on a single cpu core (it was touching 80-90% cpu usage). Almost 14.54 seconds of 14.75 seconds have gone into doEvaluate of Rule of which mostly in regexp match)
json data
'{"Pricing":{"linux":"Linux","onDemand":"On-Demand","pricing":"pricing","perHour":"per Hour"},"InstanceTypesPage":{"actionStripe":{"actions":"Actions","downloadList":"Download list CSV","createLaunchTemplate":"Create launch template","launchInstance":"Launch instance"},"SplitScreen":{"EmptySplitScreen":"Select an instance type above","SelectedInstanceTypes":"Selected instance types"},"DetailsPage":{"NoInstanceType":"Instance type not found","Tabs":{" Details":"Details","Compute":"Compute","Networking":"Networking","Storage":"Storage","Accelerators":"Accelerators","Pricing":"Pricing"}},"instanceTypesBreadcrumb":"Instance types","Copied":"copied","attributeGroups":{"instanceDetails ":"Instance details","compute":"Compute","networking":"Networking","storage":"Storage","accelerators":"Accelerators"},"comparison":{"attribute":"Attribute"},"tableText":{"preferencesText":{"title":"Preferences","confirmLabel":"Confir m","cancelLabel":"Cancel","wrapLines":{"label":"Wrap lines","description":"If checked, text in table will continue onto the next line when there isnt enough space. If unchecked, text will be truncated if there isnt enough space."},"pageSizePreference":{"pageSizeLabel":"Page size","itemDescription":"Instance types"},"attributeColumnPreference":{"attributeTitle":"Attribute columns","attributeDescription":"Choose instance type attributes to display as columns in th e table","searchPlaceholder":"Search attribute columns"}},"loadingText":"Loading instance types","emptyText":"No instance types were found.","partialLoadingMessage":"Loading more instance type data","filteringText":{"tagGroupText":"T ags","groupPropertiesText":"Instance type attributes","clearFiltersText":"Clear filters","placeholderText":"Filter instance types","loadingText":"Loading more filter suggestions","errorText":"Issue enountered loading suggestions","gr oupValuesText":"Instance","numberRangeFilterModal":{"useAsRangeInputText":"Use as range input","header":"Add filter for ${attributeLabel}","confirmLabel":"Confirm","cancelLabel":"Cancel","placeholder":"Enter a number","errorEmptyValu e":"A value is required","errorIncorrectValueFormat":"Value must be a number"},"limitGroupText":"Ranges"},"sorting":{"sortingTemplate":"Sorting ${sortingColumn}, loaded (${resourceCount} resources)","cancelSorting":"Remove sorting"}}
The rules are
-rw-rw-r-- 1 root root 6810 Jul 2 14:19 RESPONSE-980-CORRELATION.conf
-rw-rw-r-- 1 root root 7531 Jul 2 14:19 RESPONSE-959-BLOCKING-EVALUATION.conf
-rw-rw-r-- 1 root root 18216 Jul 2 14:19 RESPONSE-955-WEB-SHELLS.conf
-rw-rw-r-- 1 root root 4444 Jul 2 14:19 RESPONSE-953-DATA-LEAKAGES-PHP.conf
-rw-rw-r-- 1 root root 3439 Jul 2 14:19 RESPONSE-952-DATA-LEAKAGES-JAVA.conf
-rw-rw-r-- 1 root root 6857 Jul 2 14:19 REQUEST-949-BLOCKING-EVALUATION.conf
-rw-rw-r-- 1 root root 12761 Jul 2 14:19 REQUEST-934-APPLICATION-ATTACK-GENERIC.conf
-rw-rw-r-- 1 root root 32987 Jul 2 14:19 REQUEST-933-APPLICATION-ATTACK-PHP.conf
-rw-rw-r-- 1 root root 1857 Jul 4 09:16 REQUEST-905-COMMON-EXCEPTIONS.conf
-rw-rw-r-- 1 root root 2868 Jul 4 12:03 REQUEST-911-METHOD-ENFORCEMENT.conf
-rw-rw-r-- 1 root root 7556 Jul 4 12:27 REQUEST-913-SCANNER-DETECTION.conf
-rw-rw-r-- 1 root root 56923 Jul 4 15:36 REQUEST-920-PROTOCOL-ENFORCEMENT.conf
-rw-rw-r-- 1 root root 14292 Jul 4 15:48 REQUEST-921-PROTOCOL-ATTACK.conf
-rw-rw-r-- 1 root root 7430 Jul 4 15:52 REQUEST-930-APPLICATION-ATTACK-LFI.conf
-rw-rw-r-- 1 root root 6016 Jul 4 15:54 REQUEST-931-APPLICATION-ATTACK-RFI.conf
-rw-rw-r-- 1 root root 45238 Jul 4 17:37 REQUEST-941-APPLICATION-ATTACK-XSS.conf
-rw-rw-r-- 1 root root 77455 Jul 5 12:59 REQUEST-942-APPLICATION-ATTACK-SQLI.conf
-rw-rw-r-- 1 root root 5499 Jul 5 13:00 REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf
-rw-rw-r-- 1 root root 22909 Jul 5 13:08 REQUEST-944-APPLICATION-ATTACK-JAVA.conf
-rw-rw-r-- 1 root root 4628 Jul 5 13:10 RESPONSE-950-DATA-LEAKAGES.conf
-rw-rw-r-- 1 root root 5581 Jul 5 13:26 RESPONSE-954-DATA-LEAKAGES-IIS.conf
-rw-r--r-- 1 root root 18488 Jul 5 13:41 REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf
-rw-r--r-- 1 root root 1888 Jul 5 13:41 REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf
-rw-r--r-- 1 root root 7866 Jul 5 13:41 REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf
-rw-r--r-- 1 root root 10734 Jul 5 13:41 REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf
-rw-r--r-- 1 root root 25948 Jul 5 13:41 REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES.conf
-rw-r--r-- 1 root root 13647 Jul 5 13:42 REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf
-rw-rw-r-- 1 root root 14406 Jul 5 13:55 REQUEST-901-INITIALIZATION.conf
-rw-rw-r-- 1 root root 69679 Jul 5 13:59 REQUEST-932-APPLICATION-ATTACK-RCE.conf
-rw-rw-r-- 1 root root 17403 Jul 5 14:03 RESPONSE-951-DATA-LEAKAGES-SQL.conf
-rw-r--r-- 1 root root 3603 Jul 7 04:40 RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
Beta Was this translation helpful? Give feedback.
All reactions