Hi all,

Hoping someone can help me tackle this. Installed 5.2 onto a local WAMP install, which otherwise is really fast...
However, after installing Drupal and loading it with a number of modules, custom theme, etc., the site has become unreasonably slow.
I've increased memory in php.ini and max_time to even be able to access certain pages; had to disable some modules in phpmyadmin to get past the WSOD...

What's strange is that queries take about 3s and the rest 40s+. Now, httpd.exe does go up to 80-90% cpu on a P4-1.5 laptop with 1.2 GB ram, which is very strange, as the site is virtually empty - my 5 year old Wordpress executes in about 12 ms.

Apache's error.log gives almost no clues - the last few lines that correspond more or less to the error are:

[Mon Jul 30 00:42:01 2007] [error] [client 127.0.0.1] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in C:\\www\\webapps\\drupal\\includes\\file.inc on line 644
[Mon Jul 30 00:53:41 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Match of "rx (?:\\\\b(?:(?:i(?:nterplay|hdr|d3)|m(?:ovi|thd)|(?:ex|jf)if|f(?:lv|ws)|varg|cws)\\\\b|r(?:iff\\\\b|ar!B)|gif)|B(?:%pdf|\\\\.ra)\\\\b)" against "RESPONSE_BODY" required. [id "970902"] [msg "PHP source code leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/phpmyadmin/tbl_replace.php"] [unique_id "r4GyaMCoAgoAABVYnsAAAAD4"]
[Mon Jul 30 00:54:26 2007] [error] [client 127.0.0.1] PHP Fatal error:  Maximum execution time of 30 seconds exceeded in C:\\www\\webapps\\drupal\\includes\\file.inc on line 641

Below are the top few lines from Devel module... Does anyone have a clue what could be going on... anything worth trying?

Executed 112 queries in 318.73 milliseconds. Queries taking longer than 5 ms and queries executed more than once, are highlighted. Page execution time was 40954.95 ms.
ms	#	where	query
44.57	1	aggregator_block	SELECT i.* FROM aggregator_category_item ci LEFT JOIN aggregator_item i ON ci.iid = i.iid WHERE ci.cid = 3 ORDER BY i.timestamp DESC, i.iid DESC LIMIT 0, 10
43.86	1	block_list	SELECT DISTINCT b.* FROM blocks b LEFT JOIN blocks_roles r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = 'litejazz' AND b.status = 1 AND (r.rid IN (2,3) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module
38.43	1	_nodewords_load	SELECT * FROM nodewords WHERE type = 'node' AND id = '1'
29.6	1	taxonomy_node_get_terms	SELECT t.* FROM term_node r INNER JOIN term_data t ON r.tid = t.tid INNER JOIN vocabulary v ON t.vid = v.vid WHERE r.nid = 2 ORDER BY v.weight, t.weight, t.name
27.29	1	taxonomy_node_get_terms	SELECT t.* FROM term_node r INNER JOIN term_data t ON r.tid = t.tid INNER JOIN vocabulary v ON t.vid = v.vid WHERE r.nid = 1 ORDER BY v.weight, t.weight, t.name
11.52	1	cache_set	INSERT INTO cache_menu (cid, data, created, expire, headers) VALUES ('1:en', 'a:4:{s:10:\"path index\";a:264:{s:18:\"admin/logs/adsense\";s:2:\"84\";s:28:\"admin/logs/adsense/top_pages\";s:2:\"85\";s:25:\"ad

Comments

shezaf’s picture

The problem may be a ModSecurity rule that you are using. This specific rule inspects your outbound traffic and therefore may take more time than the inbound rules. Unlike inbound rules that detect attacks, outbound rules usually detect isssues in your application. So if you are pretty sure of the security of your applicaiton, or use commonly used code, you may just drop those rules. Look for a file called modsecurity_crs_50_outbound.conf pointed to by your httpd.conf file and remove it.

if you want to understand more about ModSecurity go to its web site at www.modsecurity.org

~ Ofer Shezaf
ModSecurity Core Rule Set Project Leader
ofers@breach.com