jxwaf性能测试报告 - FreeBuf网络安全行业门户

官方公众号企业安全新浪微博

FreeBuf.COM网络安全行业门户，每日发布专业的安全资讯、技术剖析。

FreeBuf+小程序把安全装进口袋

jxwaf性能测试报告

2020-08-13 20:27:35

所属地广东省

你是否还在为自己一往无前而感到害怕？你是否还在大白天下而感到恐惧呢？不用怕不用怕！！！套上jxwaf，你就会感到丝滑柔顺，薄如蝉翼，给你的感觉就是没有套上去，你以为你没有用，其实你在用的这种恍恍惚惚的情绪将会围绕你的身后，给你无穷无尽的快乐。jxwaf就是这么好！！！

测试准备

测试架构

现在分别对三套架构进行压测对比，看看性能损耗是多少：

1、nginx-》bwapp

2、jxwaf-》nginx-》bwapp

3、jxwaf-》bwapp

测试环境

bwapp可以使用dockcer进行部署，并且对外访问是8888端口。

docker run -it -p 8888:80  docker.io/moeinfatehi/bwapp

安装完成之后，在浏览器打开http://IP:8888/install.php，点击here进行初始化安装。

nginx的话，直接反向代理到bwapp（127.0.0.1:8888）

server {
        listen       80 default_server;
        server_name  abc.test.com;
        root         /usr/share/nginx/html;

        include /etc/nginx/default.d/*.conf;

        location / {
        proxy_pass http://127.0.0.1:8888;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

jxwaf的安装部署可以参考这篇文章：https://www.freebuf.com/articles/es/242689.html

也就是把nginx的端口改成除80之外，jxwaf反向到nginx的端口上面，配置好域名指向即可。

测试脚本

Locust 是一个开源负载测试工具。使用 Python 代码定义用户行为，也可以仿真百万个用户。

我这边使用的域名是abc.test.com，自己根据自己的需要进行修改。我根据bwapp的接口定义了四个行为，登录、查询、设置以及注销

from locust import TaskSet, HttpLocust, task
from locust.clients import HttpSession


class WafTask(TaskSet):
    host = 'http://abc.test.com'
    session = None

    def on_start(self):
        payload = "login=bee&password=bug&security_level=0&form=submit"
        login_uri = "/login.php"

        self.session = HttpSession(self.host)

        response = self.session.post(url=self.host + login_uri, data=payload)

        print("LOGIN RESULT:", response.status_code)

    def on_stop(self):
        logout_uri = "/logout.php"
        self.session = HttpSession(self.host)
        response = self.session.get(url=self.host + logout_uri)
        print("LOGOUT RESULT:", response.status_code)
    @task
    def get_list(self):

        uri = "/portal.php"
        payload = "bug=2&form=submit"
        response = self.session.post(uri, data=payload.encode('utf-8'))

        print('查询结果 :', response.status_code)
        return response

    @task
    def set_level(self):

        uri = "/security_level_set.php"
        payload = "security_level=0&form=submit"

        response = self.session.post(uri, data=payload.encode('utf-8'))

        print('查询结果 :', response.status_code)
        return response


class BasicHttp(HttpLocust):
    task_set = WafTask
    min_wait = 5000
    max_wait = 9000
    host = 'http://abc.test.com'

单机模式运行

locust -f yace.py --host=

分布式运行

master

locust -f yace.py --host= --master

slave

import os
for i in range(1,80):
  os.system("cd /opt/ && locust -f yace.py  --host= --slave  > /tmp/"+str(i)+" 2>&1 & ")

之后访问 http://*:8089。可以看到我的已经启动了79个slave

性能测试数据

接下来会贴上二种测试指标，一种是三种架构从1k用户并发到1w用户并发的数据；另一种则是在7000这一个用户并发内（正常访问最高峰）测试三次，看看差异性。每次测试的时间为五分钟，其中咱们关注的Average response time（平均响应时间）和Requests/s(QPS)这两个指标，核心的数据，已经标黑处理。

指标一

先上图，再上表格数据。

平局响应时间，可以看到jxwaf一直处于低位，说明处理速度比nginx还快;并且如果后面有nginx的话，jxwaf传输到nginx那里，会对性能有所损耗。

QPS，jxwaf的QPS处于领先地位，很奇怪的是在nginx+jxwaf这种架构下，其QPS随着并发逐渐缓慢上升（笑哭不得）

1、nginx-》bwapp

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	1000	0	260	381	38	1351	4013	3.02
GET	/logout.php	1000	0	120	114	38	188	4013	3.02
POST	/portal.php	23486	0	19	29	13	1705	4013	70.81
POST	/security_level_set.php	23455	0	19	28	13	1688	4013	70.72
None	Aggregated	48941	0	19	37	13	1705	4013	147.56
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	2000	0	360	829	17	4257	4013	4.86
GET	/logout.php	2000	0	130	132	23	221	4013	4.86
POST	/portal.php	58010	94	20	37	6	4172	4006	140.91
POST	/security_level_set.php	58103	80	20	37	6	4568	4007	141.13
None	Aggregated	120113	174	20	52	6	4568	4007	291.76
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	3000	0	620	1209	13	7139	4013	8.51
GET	/logout.php	3000	0	130	136	18	1202	4013	8.51
POST	/portal.php	74946	0	21	50	14	7284	4013	212.61
POST	/security_level_set.php	74233	0	21	51	14	7465	4013	210.59
None	Aggregated	155179	0	22	75	13	7465	4013	440.22
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	4000	2	1100	1618	16	7467	4012	11.97
GET	/logout.php	4000	0	180	199	19	3214	4013	11.97
POST	/portal.php	92655	3	25	70	15	8995	4012	277.22
POST	/security_level_set.php	93488	2	25	71	14	8971	4012	279.71
None	Aggregated	194143	7	25	105	14	8995	4012	580.86
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	5000	0	490	983	14	15146	4013	16.54
GET	/logout.php	5000	0	150	316	19	7621	4013	16.54
POST	/portal.php	99798	0	150	364	18	15256	4013	330.23
POST	/security_level_set.php	99900	0	150	365	17	15350	4013	330.57
None	Aggregated	209698	0	150	378	14	15350	4013	693.89
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	6000	0	590	1318	19	31267	4013	21.37
GET	/logout.php	6000	0	130	220	20	3410	4013	21.37
POST	/portal.php	110134	0	120	386	16	17250	4013	392.17
POST	/security_level_set.php	110236	0	120	388	16	17509	4013	392.53
None	Aggregated	232370	0	130	407	16	31267	4013	827.43
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	0	740	1633	20	31768	4013	19.58
GET	/logout.php	7000	0	180	375	19	8415	4013	19.58
POST	/portal.php	144875	2	630	1169	16	34743	4012	405.19
POST	/security_level_set.php	145163	2	630	1178	16	34746	4012	406
None	Aggregated	304038	4	610	1166	16	34746	4012	850.34
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	8000	90	7300	9635	6	61236	3998	13.64
GET	/logout.php	8000	9	280	1089	19	67552	4012	13.64
POST	/portal.php	213867	522	1800	3208	6	92105	4012	364.57
POST	/security_level_set.php	212682	484	1800	3198	7	93305	4012	362.55
None	Aggregated	442549	1105	1800	3281	6	93305	4011	754.39
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	9000	73	1300	3458	18	62334	4010	17.82
GET	/logout.php	9000	11	460	1715	20	63893	4012	17.82
POST	/portal.php	169560	1539	2500	4789	40	95662	4010	335.64
POST	/security_level_set.php	169096	1481	2500	4770	39	95705	4010	334.72
None	Aggregated	356656	3104	2400	4669	18	95705	4010	705.99
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	10000	233	1700	5518	15	63898	4005	15.5
GET	/logout.php	10000	41	510	2225	22	67430	4011	15.5
POST	/portal.php	209533	3978	3000	6424	33	115556	4006	324.71
POST	/security_level_set.php	210151	4005	3000	6423	34	105244	4006	325.67
None	Aggregated	439684	8257	2900	6308	15	115556	4006	681.37

2、jxwaf-》nginx-》bwapp

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	1000	0	190	478	40	3075	4013	2.79
GET	/logout.php	1000	0	120	116	25	193	4013	2.79
POST	/portal.php	25349	0	22	32	16	3179	4013	70.74
POST	/security_level_set.php	25430	0	22	33	16	3035	4013	70.97
None	Aggregated	52779	0	23	43	16	3179	4013	147.29
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	2000	0	380	896	30	7068	4013	7.49
GET	/logout.php	2000	0	160	169	27	348	4013	7.49
POST	/portal.php	37598	0	24	54	16	7049	4013	140.76
POST	/security_level_set.php	37108	0	24	51	17	4825	4013	138.93
None	Aggregated	78706	0	24	77	16	7068	4013	294.66
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	3000	1	1200	1898	25	7588	4012	7.38
GET	/logout.php	3000	0	200	218	25	1435	4013	7.38
POST	/portal.php	84843	0	55	122	20	8305	4013	208.77
POST	/security_level_set.php	84439	1	55	122	22	9175	4012	207.77
None	Aggregated	175282	2	57	154	20	9175	4012	431.31
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	4000	0	800	921	16	4363	4013	10.4
GET	/logout.php	4000	0	220	314	26	4700	4013	10.4
POST	/portal.php	100771	0	280	457	24	9474	4013	261.97
POST	/security_level_set.php	100848	0	280	456	24	8971	4013	262.17
None	Aggregated	209619	0	290	462	16	9474	4013	544.93
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	5000	2	850	1342	16	17020	4012	12.39
GET	/logout.php	5000	0	260	491	24	9176	4013	12.39
POST	/portal.php	121313	0	620	1010	24	31559	4013	300.73
POST	/security_level_set.php	121077	1	620	1010	23	36274	4012	300.14
None	Aggregated	252390	3	610	1006	16	36274	4012	625.66
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	6000	1	1400	2182	21	61522	4012	13.96
GET	/logout.php	6000	0	290	702	24	9180	4013	13.96
POST	/portal.php	123083	55	2000	2776	64	70418	4011	286.28
POST	/security_level_set.php	123278	62	2000	2795	50	77489	4011	286.74
None	Aggregated	258361	118	1900	2723	21	77489	4011	600.93
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	0	1100	1559	18	11575	4013	14.58
GET	/logout.php	7000	0	540	1219	28	23604	4013	14.58
POST	/portal.php	143104	82	2700	3565	51	71928	4011	298.12
POST	/security_level_set.php	143647	73	2700	3560	33	69204	4011	299.26
None	Aggregated	300751	155	2700	3462	18	71928	4011	626.55
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	8000	9	1400	2411	18	62864	4009	13.19
GET	/logout.php	8000	6	790	2268	24	64687	4012	13.19
POST	/portal.php	173243	495	3500	5118	35	96705	4007	285.55
POST	/security_level_set.php	173028	474	3500	5088	30	122687	4007	285.19
None	Aggregated	362271	984	3400	4981	18	122687	4007	597.11
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	9000	54	2300	5299	21	63928	4002	14.38
GET	/logout.php	9000	3	740	2202	25	94922	4012	14.38
POST	/portal.php	189748	538	4200	5749	41	122802	4006	303.21
POST	/security_level_set.php	190426	516	4200	5745	43	100040	4007	304.29
None	Aggregated	398174	1111	4100	5657	21	122802	4006	636.26
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	10000	63	1900	4620	25	64665	3997	15.06
GET	/logout.php	10000	0	1000	2222	27	64299	4013	15.06
POST	/portal.php	219327	125	5000	5736	45	72470	4011	330.37
POST	/security_level_set.php	218455	96	5000	5717	39	73712	4012	329.05
None	Aggregated	457782	284	4900	5626	25	73712	4011	689.55

3、jxwaf-》bwapp

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	1000	0	140	382	18	1103	4013	2.72
GET	/logout.php	1000	0	100	99	28	166	4013	2.72
POST	/portal.php	26704	0	19	25	12	1208	4013	72.58
POST	/security_level_set.php	25956	0	19	25	12	1358	4013	70.54
None	Aggregated	54660	0	19	33	12	1358	4013	148.56
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	2000	0	230	784	15	4259	4013	5.36
GET	/logout.php	2000	0	120	114	25	205	4013	5.36
POST	/portal.php	53059	0	20	38	14	4391	4013	142.08
POST	/security_level_set.php	53062	0	20	38	14	4268	4013	142.09
None	Aggregated	110121	0	20	53	14	4391	4013	294.89
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	3000	0	330	987	16	7084	4013	8.6
GET	/logout.php	3000	0	130	132	20	1193	4013	8.6
POST	/portal.php	73954	0	21	48	14	7218	4013	212
POST	/security_level_set.php	73802	0	21	47	14	7225	4013	211.56
None	Aggregated	153756	0	21	68	14	7225	4013	440.76
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	4000	0	490	1379	19	7454	4013	10.47
GET	/logout.php	4000	0	130	186	20	3883	4013	10.47
POST	/portal.php	106566	0	21	60	13	8976	4013	278.91
POST	/security_level_set.php	105993	0	21	61	13	8637	4013	277.41
None	Aggregated	220559	0	21	87	13	8976	4013	577.25
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	5000	6	1400	2711	28	15308	4008	12.87
GET	/logout.php	5000	0	170	219	16	7195	4013	12.87
POST	/portal.php	132285	1	44	124	15	16328	4012	340.38
POST	/security_level_set.php	132451	0	44	126	16	16374	4013	340.8
None	Aggregated	274736	7	45	174	15	16374	4012	706.91
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	6000	0	440	1242	14	15080	4013	15.67
GET	/logout.php	6000	0	130	162	18	2528	4013	15.67
POST	/portal.php	156444	1	30	196	14	16299	4012	408.66
POST	/security_level_set.php	156611	0	30	194	14	16178	4013	409.09
None	Aggregated	325055	1	31	214	14	16299	4012	849.09
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	2	1100	2331	19	16434	4012	17.08
GET	/logout.php	7000	0	200	433	17	16727	4013	17.08
POST	/portal.php	178539	0	340	692	18	22865	4013	435.56
POST	/security_level_set.php	179589	0	340	694	18	31350	4013	438.13
None	Aggregated	372128	2	340	719	17	31350	4012	907.85
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	8000	20	1600	4387	19	75299	4004	17.25
GET	/logout.php	8000	0	390	918	19	63517	4013	17.25
POST	/portal.php	172542	33	1600	2901	33	92879	4012	372.07
POST	/security_level_set.php	172310	27	1600	2911	33	120111	4012	371.57
None	Aggregated	360852	80	1600	2895	19	120111	4012	778.15
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	9000	4	1600	5935	18	75659	4011	18.28
GET	/logout.php	9000	0	240	529	15	60158	4013	18.28
POST	/portal.php	189938	15	1700	2632	12	78944	4012	385.8
POST	/security_level_set.php	189724	7	1700	2630	13	125276	4012	385.37
None	Aggregated	397662	26	1700	2659	12	125276	4012	807.73
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	10000	2	1300	4025	15	62828	4012	17.3
GET	/logout.php	10000	0	380	1124	21	63482	4013	17.3
POST	/portal.php	250915	24	2300	3402	28	123246	4012	434.16
POST	/security_level_set.php	250857	27	2300	3401	28	122064	4012	434.06
None	Aggregated	521772	53	2200	3370	15	123246	4012	902.82

指标二

平均响应时间，以承受最高7K用户并发重复测试三次，可以看到排除最高的第三次，可以看到jxwaf处理的速度更加快。

QPS，以承受最高7K用户并发重复测试三次，可以看到jxwaf的QPS是最高的。

1、nginx-》bwapp

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	1	730	1522	14	33237	4012	17.21
GET	/logout.php	7000	0	220	463	20	7428	4013	17.21
POST	/portal.php	161518	2	750	1424	17	36053	4012	397.04
POST	/security_level_set.php	161617	3	750	1427	18	48081	4012	397.29
None	Aggregated	337135	6	730	1407	14	48081	4012	828.74
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	3	1100	2242	20	31662	4012	17.09
GET	/logout.php	7000	0	190	460	22	10739	4013	17.09
POST	/portal.php	161546	7	980	1516	20	63813	4012	394.43
POST	/security_level_set.php	161087	8	1000	1513	19	61210	4012	393.31
None	Aggregated	336633	18	940	1507	19	63813	4012	821.93
Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	0	1500	2128	24	32230	4013	16.61
GET	/logout.php	7000	0	330	712	25	9720	4013	16.61
POST	/portal.php	145834	3	2000	2375	36	34703	4012	345.94
POST	/security_level_set.php	146275	4	2000	2367	43	33333	4012	346.99
None	Aggregated	306109	7	1900	2327	24	34703	4012	726.14

2、jxwaf-》nginx-》bwapp

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	10	1500	4063	36	52552	4012	14.24
GET	/logout.php	7000	0	490	1303	27	61074	4013	14.24
POST	/portal.php	169133	72	1700	2284	49	77344	4012	344.02
POST	/security_level_set.php	168705	70	1700	2279	52	97389	4012	343.14
None	Aggregated	351838	152	1700	2298	27	97389	4012	715.64

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	3	1600	3083	23	60676	4012	14.06
GET	/logout.php	7000	2	550	1360	25	61963	4012	14.06
POST	/portal.php	159543	35	2300	2934	38	71734	4012	320.35
POST	/security_level_set.php	159235	35	2300	2931	44	71421	4012	319.73
None	Aggregated	332778	75	2200	2902	23	71734	4012	668.19

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	0	1500	2128	24	32230	4013	16.61
GET	/logout.php	7000	0	330	712	25	9720	4013	16.61
POST	/portal.php	145834	3	2000	2375	36	34703	4012	345.94
POST	/security_level_set.php	146275	4	2000	2367	43	33333	4012	346.99
None	Aggregated	306109	7	1900	2327	24	34703	4012	726.14

3、jxwaf-》bwapp

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	16	1600	4134	21	61667	4005	15.64
GET	/logout.php	7000	0	310	752	21	62237	4013	15.64
POST	/portal.php	152406	16	1400	2493	19	121134	4012	340.61
POST	/security_level_set.php	152820	24	1400	2482	20	120757	4012	341.54
None	Aggregated	319226	56	1400	2485	19	121134	4012	713.44

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	4	1100	2169	17	15932	4011	17.52
GET	/logout.php	7000	0	210	344	22	6047	4013	17.52
POST	/portal.php	176717	0	290	615	15	18980	4013	442.29
POST	/security_level_set.php	176638	0	290	611	14	31110	4013	442.09
None	Aggregated	367355	4	290	638	14	31110	4012	919.42

Type	Name	# requests	# failures	Median response time	Average response time	Min response time	Max response time	Average Content Size	Requests/s
POST	/login.php	7000	0	890	1940	22	15870	4013	16.9
GET	/logout.php	7000	0	250	410	18	32051	4013	16.9
POST	/portal.php	170149	22	540	1119	15	75551	4012	410.81
POST	/security_level_set.php	170662	15	540	1117	15	76332	4012	412.05
None	Aggregated	354811	37	530	1120	15	76332	4012	856.67

想要excel文档的话，关注并且私信！！

# 企业安全 # JXWAF

本文为独立观点，未经允许不得转载，授权请联系FreeBuf客服小蜜蜂，微信：freebee2022

被以下专辑收录，发现更多精彩内容

+ 收入我的专辑

+ 加入我的收藏

展开更多