Put the ModSecurity interception logic onto separated threads #289

wfjsw · 2022-08-30T17:15:52Z

This PR is created to describe my patch to fix #227 and it is by no means a complete patch ready for merge.

The patch contains several unrelated changes, namely:

Logger change, from dd to ngx_log_error to accomodate my own debugging need
Removal of ngx_http_modsecurity_pcre_malloc_init and ngx_http_modsecurity_pcre_malloc_done. They are not used in my configuration where PCRE2 is used, and it looks suspicious for SEGVs so I commented them out as a precaution.
Why use NGX_OK in logging handler? Changed to NGX_DECLINED.

Not yet implemented:

I'm not sure whether logging phase would take advantage of this. I did not change that yet.
Missing a NGX_THREADS guard for Nginx setup without threading support.

Currently it passes all test suites and performs well in production.

Benchmarking is welcomed.

airween · 2024-04-16T20:06:05Z

Hi @wfjsw, there is a new CI workflow test in this repository. Could you pick up the modifications to enable run those tests? Thanks!

wfjsw added 4 commits August 12, 2022 14:45

logging

e63482c

other logs

df8c8ff

thread

ccb03de

fix log level

cb3f264

Provide feedback