One of our customers is having problems with a particular page loading really really slowly (10 seconds-ish). I'm trying to figure out if it is a problem with the PHP code or possibly a mod_sec issue.

Basically the page does a MySQL lookup and then generates a calendar in html on the page, with each day number having a hyperlink with an argument (e.g. page.php?something=this/that/theother )

I've used top, and see that mysql goes to 6% CPU but http hits 97% and stays there for a good 10 seconds while the page refreshes.

As far as I'm aware, mod_sec isn't going to be in play at this point, so it is most likely poorly written or at least poorly optimised PHP (I don't think it will be MySQL due to low CPU use on it and there are no "slow queries" reported)

Am I right about this, or could mod_sec have a hand in this somewhere? I suppose the hidden iframe rule will have scanned the page, but is there anything else in the asl rules that look at the rendered page as opposed to checking posts/gets?

Faris.

p.s. memory use by http and mysql as reported by top during the page load is not significant (e.g. 4%).

I have never seen mod_security make a page load slowly, but you could just temporarily disable mod_security for this directory/vhost/server if you want to check if it makes a difference.

Are any mod_rewrite rules involved? That could certainly manifest like that

No, no mod_rewrite rules at all.

I'll try disabling mod_sec for that directory and see what happens.

Faris.