Welcome! Log In Create A New Profile

Re: performance hit in using too many if's

Forum List Message List New Topic Print View

Anoop Alias

September 24, 2016 05:40AM

I understand that the map may look cleaner on the config as each vhost
don't need the if matchings ..but the variable evaluation and
therefore the pattern matching for all possible values is still
happening when the mapped variable in encountered? and therefore there
is still a huge performance penalty ?

I am mainly asking this..as the above type of security configs are
mostly not seen on nginx official blogs /documentation etc .
Just wanted to know if people who know the internals have purposefully
omitted these setting even though they are serving the purpose of
security.

On Sat, Sep 24, 2016 at 2:45 PM, <lists@lazygranch.com> wrote:
> ‎I suspect the map module can do that more efficiently. There is an example of how to use the map module in this post:
>
> http://ask.xmodulo.com/block-specific-user-agents-nginx-web-server.html
>
> The code is certainly cleaner using map. I use three maps, specifically for bad user agent, bad request, and bad referrer.
>
>
>
> Original Message
> From: Anoop Alias
> Sent: Saturday, September 24, 2016 1:58 AM
> To: Nginx
> Reply To: nginx@nginx.org
> Subject: performance hit in using too many if's
>
> Hi,
>
> I was following some suggestions on blocking user agents,sql
> injections etc as in the following URL
>
> https://www.howtoforge.com/nginx-how-to-block-exploits-sql-injections-file-injections-spam-user-agents-etc
>
> Just wanted to know what is the performance hit when using so many of
> these if's ( in light of the if-is-evil policy ). Especially if the
> server is having a lot of virtual hosts and the rules are matched for
> each of them.
>
> Is it like:
>
> If the server is capable (beefy) it should be able to handle these URL ?
>
> or
>
> There is a huge performance penalty .Significantly more than
> apache+mod_security as an example
>
> or
>
> The is a performance penalty but not as much as other security tools
> or WAF's like naxsi or mod_security
>
>
> Thanks in advance,
>
> --
> Anoop P Alias
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Anoop P Alias

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
performance hit in using too many if's	Anoop Alias	September 24, 2016 05:00AM
Re: performance hit in using too many if's	gariac	September 24, 2016 05:32AM
Re: performance hit in using too many if's	Anoop Alias	September 24, 2016 05:40AM
Re: performance hit in using too many if's	gariac	September 24, 2016 06:04AM
Re: performance hit in using too many if's	Robert Paprocki	September 24, 2016 07:42AM
Re: performance hit in using too many if's	gariac	September 24, 2016 10:10AM
Re: performance hit in using too many if's	Alt	September 26, 2016 04:43AM
Re: performance hit in using too many if's	gariac	September 26, 2016 06:10AM
Re: performance hit in using too many if's	Anoop Alias	September 26, 2016 07:30AM
Re: performance hit in using too many if's	gariac	September 26, 2016 11:18AM
Re: performance hit in using too many if's	c0nw0nk	September 26, 2016 12:10PM
Re: performance hit in using too many if's	Robert Paprocki	September 26, 2016 01:18PM
Re: performance hit in using too many if's	gariac	September 26, 2016 03:00PM
Re: performance hit in using too many if's	Alt	September 27, 2016 07:34AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

hackermade

Guests: 292

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018