Would folks here generally recommend for or against mod_security given the likely increased server load?
11:20 pm on Mar 14, 2006 (gmt 0)
I run mod_security on all my sites, and I can't say I've noticed any significant increase in server load. I certainly feel happier running it than not. A small server with apache2 & mod_security even survived a recent "digg-ing" so I don't think you need to worry too much about its performance.
12:44 am on Mar 15, 2006 (gmt 0)
Thanks for the reply. Have just installed mod_security for apache 1.x, but compiled against PCRE (to avoid speed issues mentioned when installing against apache 1.x). Also hard to tell if it's creating any increased server load. Am currenly running just these rule sets: