ModSecurity (WAF) – File upload is extremely slow

Published on Author gryzli

Is your file upload extremely slow after activating ModSecurity or some rule ?

If you happen to experience extremely slow file uploads after activating some ModSecurity rules, there is one thing you should definetely check.


Recently I was trying to use the following directive:

SecStreamInBodyInspection On


in order to give me access to STREAM_INPUT_BODY, variable which is suggested by ModSecurity documentation as a faster option for matching upon request_body or request_headers.

Suddenly I started to receive complaints about POST file upload being extremely slow. After an hour of debugging it seemed that exactly this directive “SecStreamInBodyInspection On” was causing the slow down.

After ┬ásome tests I’ve made by myself it showed more then 20x times slower uploads combined with 100% CPU usage by the Apache worker, which was handling the upload.

I’m not sure if this is a bug or a planed behavior, but whatever it is, IT IS BAD !


If you happen to experience extreme upload slowdown after recently activating some mod_security rule or the module itself, then go and revise all of your ModSecurity configuration files, and search for one of these:

SecStreamInBodyInspection On


ctl:SecStreamInBodyInspection=On placed inside a SecRule section