How to reduce Modsecurity disk IO
Modsecurity generates a lot of disk io operations, and the file www-data-ip.pag
is read and written continuously.
Is there any solution that can effectively reduce this? Could it be moved to RAM in some way?
You can use the SecDataDir directive (https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#secdatadir), pointing to a previously created directory in RAM:
mkdir -p /mnt/ramdisk/modsecurity
mount -t tmpfs -o size=1024m tmpfs /mnt/ramdisk/modsecurity
And
SecDataDir /mnt/ramdisk/modsecurity
(check the permissions on that directory, so that the Apache user can create files, etc.) And remember to make it permanent in /etc/fstab:
tmpfs /mnt/ramdisk/modsecurity tmpfs nodev,nosuid,noexec,nodiratime,size=1024M
The weird part is the "note" in the SecDataDir directive:
Note : SecDataDir is not currently supported. Collections are kept in memory (in_memory-per_process) for now.
Additional information (how to read the file, and some additional concurrency problems) can be seen in https://github.com/SpiderLabs/ModSecurity/issues/2240.
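An added example (not part of the answer above) that scripts the same steps idempotently: the fstab helpers take the file path and mount point as arguments so they can be checked on a scratch file, and the web server user is assumed to be www-data.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumptions: web server user
# is www-data; mount point and fstab path are parameters so the helpers can be
# exercised on a scratch file without root.

MOUNTPOINT="${MOUNTPOINT:-/mnt/ramdisk/modsecurity}"
WEBUSER="${WEBUSER:-www-data}"

# Build the fstab line. nodev,nosuid,noexec: the directory only ever holds
# collection files, so nothing in it should be executable or a device node.
fstab_entry() {
    printf '%s\n' "tmpfs $1 tmpfs nodev,nosuid,noexec,nodiratime,size=$2 0 0"
}

# Append the entry to the given fstab file only if that mount point is not
# already listed (second column, comments ignored), so re-running is safe.
ensure_fstab_entry() {
    file="$1"; mp="$2"; size="$3"
    if awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { found=1 } END { exit !found }' "$file"; then
        return 0
    fi
    fstab_entry "$mp" "$size" >> "$file"
}

# Number of non-comment lines in an fstab-style file for a mount point.
count_fstab_entries() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { n++ } END { print n+0 }' "$1"
}

# True if the kernel currently has a tmpfs mounted at the given path.
is_tmpfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "tmpfs" { found=1 } END { exit !found }' /proc/mounts
}

# Full setup; needs root. The directory is owned by the web user and not
# world-readable, because collection files hold per-client state (IPs, sessions).
setup_secdatadir() {
    mkdir -p "$MOUNTPOINT"
    is_tmpfs_mounted "$MOUNTPOINT" || \
        mount -t tmpfs -o nodev,nosuid,noexec,nodiratime,size=1024m tmpfs "$MOUNTPOINT"
    chown "$WEBUSER": "$MOUNTPOINT"
    chmod 0750 "$MOUNTPOINT"
    ensure_fstab_entry /etc/fstab "$MOUNTPOINT" 1024M
}
```

After running setup_secdatadir as root, point SecDataDir at $MOUNTPOINT and restart Apache; the fstab entry keeps the tmpfs across reboots.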