ModSecurity (WAF) – File upload is extremely slow

Author: gryzli

Is your file upload extremely slow after activating ModSecurity or some rule?

If you happen to experience extremely slow file uploads after activating some ModSecurity rules, there is one thing you should definitely check.

 

Recently I was trying to use the following directive:

SecStreamInBodyInspection On

 

in order to get access to STREAM_INPUT_BODY, a variable which is suggested by the ModSecurity documentation as a faster option for matching upon request_body or request_headers.

Suddenly I started to receive complaints about POST file upload being extremely slow. After an hour of debugging it seemed that exactly this directive “SecStreamInBodyInspection On” was causing the slowdown.

Some tests I ran myself showed uploads more than 20 times slower, combined with 100% CPU usage by the Apache worker that was handling the upload.

I’m not sure if this is a bug or planned behavior, but whatever it is, IT IS BAD!

Conclusion

If you happen to experience extreme upload slowdown after recently activating some mod_security rule or the module itself, then go and review all of your ModSecurity configuration files, and search for one of these:

SecStreamInBodyInspection On

OR

ctl:SecStreamInBodyInspection=On placed inside a SecRule section
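
One way to run the search described above, as an added example that is not part of the original post: a shell function that lists every active (non-commented) line enabling the setting under a configuration directory. The function names, the directory argument, and the sample tree built by make_sample (including its rule id and URI) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Lists active (non-commented) lines that enable SecStreamInBodyInspection,
# either as a directive or in the ctl: form quoted in the post.

find_stream_inspection() {
    # $1: configuration directory to scan (e.g. your Apache config root)
    find "$1" -type f -print | while IFS= read -r f; do
        awk '
            /^[ \t]*#/ { next }            # skip comment lines
            {
                l = tolower($0)            # directive names are case-insensitive
                sub(/^[ \t]+/, "", l)      # allow indentation inside containers
                if (l ~ /^secstreaminbodyinspection[ \t]+"?on"?[ \t\r]*$/ ||
                    l ~ /ctl:secstreaminbodyinspection=on/)
                    printf "%s:%d:%s\n", FILENAME, FNR, $0
            }' "$f"
    done
}

make_sample() {
    # Constructed sample tree for illustration; rule id and URI are made up.
    mkdir -p "$1/conf.d"
    cat > "$1/modsec.conf" <<'EOF'
# SecStreamInBodyInspection On
SecStreamInBodyInspection Off
<IfModule security2_module>
    secstreaminbodyinspection On
</IfModule>
EOF
    cat > "$1/conf.d/upload.conf" <<'EOF'
SecRule REQUEST_URI "@beginsWith /upload" \
    "id:1000,phase:1,pass,nolog,ctl:SecStreamInBodyInspection=On"
EOF
}

# When run as a script with a directory argument, scan that directory.
if [ "$#" -gt 0 ]; then find_stream_inspection "$1"; fi
```

On the constructed sample this reports line 4 of modsec.conf and line 2 of conf.d/upload.conf, and ignores the commented-out and Off lines. Comment skipping is per line, and Include targets outside the scanned directory are not followed.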