We are using the current version of the PHP IDS for testing purposes on a pretty high-trafficked platform and the performance isn’t really an issue - btw. i am currently building up a testsite where you can stress-test the IDS.

i guess christ1an will keep you informed via his blog ’bout the release of the demo and the URL.

Greetings,
.mario

Thanks for stopping by. I will definitely test your code . I wil post the test results and give you a ping

Actually mod_security is not directly comparable to our project and even has a couple of disadvantages. I’m going to point that out on a separate blog posting today or somewhen during the next days.

Concerning your performance concern:
Not only the PHP IDS is based on regular expressions but so is mod_security. As you might know, the latter is an Apache modul which means that it needs to be loaded on every single request again and additionally make the same cross-checking.

Moreover the PHP function preg_match() usually is pretty fast. Fetching the rules can be done in various ways, not only by parsing an XML file with SimpleXML like we did it in our first example code (which is very fast too by the way). You can simple pass an array to the monitor class as well.

If you have any further questions or suggestions, just drop a message