Is your file upload extremely slow after activating ModSecurity or some rule ?
If you happen to experience extremely slow file uploads after activating some ModSecurity rules, there is one thing you should definetely check.
Recently I was trying to use the following directive:
in order to give me access to
STREAM_INPUT_BODY, variable which is suggested by ModSecurity documentation as a faster option for matching upon request_body or request_headers.
Suddenly I started to receive complaints about POST file upload being extremely slow. After an hour of debugging it seemed that exactly this directive “
SecStreamInBodyInspection On” was causing the slow down.
After some tests I’ve made by myself it showed more then 20x times slower uploads combined with 100% CPU usage by the Apache worker, which was handling the upload.
I’m not sure if this is a bug or a planed behavior, but whatever it is, IT IS BAD !
If you happen to experience extreme upload slowdown after recently activating some mod_security rule or the module itself, then go and revise all of your ModSecurity configuration files, and search for one of these:
ctl:SecStreamInBodyInspection=On placed inside a