AllGoodBits.org

Let's test webapp performance

Basic testing with siege

One excellent tool is siege, which supports basic authentication and cookies; its usage is straightforward and its output is simple. It is available in many Linux distributions and via Homebrew/MacPorts.

Use siege.config to generate a base configuration.

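With the command below, 5 concurrent clients (-c 5) connect for 60 seconds (-t60s) to URLs selected at random (-i) from the specified file of URLs (-f), with a random delay of up to 1 second between requests (-d 1), logging the results to a timestamped file:

siege -c 5 -i -d 1 -t60s --log=/tmp/siege-c5-$(date '+%Y%m%d-%H%M%S') -f urls.txt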

Here is an example URLs file:

HOST=my.example.com
$(HOST)/
$(HOST)/Search/Results.html?Query=Status+%3D+%27open%27
$(HOST)/update POST name=newvalue

This merely hits the root of the website, runs a single search and makes a single-field POST. Not very interesting.

Here is some example output:

** SIEGE 3.0.0
** Preparing 5 concurrent users for battle.
The server is now under siege..
HTTP/1.1 200   3.04 secs:   86137 bytes ==> GET  /Search/Results.html
...
Lifting the server siege...      done.

Transactions:                    168 hits
Availability:                 100.00 %
Elapsed time:                  59.97 secs
Data transferred:               8.64 MB
Response time:                  2.89 secs
Transaction rate:               2.80 trans/sec
Throughput:                     0.14 MB/sec
Concurrency:                    8.09
Successful transactions:         168
Failed transactions:               0
Longest transaction:            6.44
Shortest transaction:           0.09

Read both the manual and the configuration file to learn how to get the output and logging to suit your data analysis toolchain (look at -q, -v and the csv parameter). Read the FAQ as well; there are different gems in each document.

Authenticating siege clients

If any part of your webapp is protected by HTTP Basic Auth (i.e. the server returns 401 Unauthorized with a WWW-Authenticate header), you can configure siege to authenticate using the login parameter in the configuration file ~/.siegerc:

login = username:password[:realm]

If, however, your webapp uses form-based authentication, look into the config file. There is a parameter, login-url, undocumented elsewhere, which allows every siege client to log in to the webapp and establish a session. This URL will be hit once for each siege client session:

login-url = http://my.example.com/login POST name=me&password=abc123

This makes siege much more useful.
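Both directives above leave credentials in the siege configuration file in plaintext. The following audit of such a file is an added example, not part of the original article or of siege; the function names and the sample file contents are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# The two directives from this page that embed credentials in a siege config.
CRED_KEYS = {"login", "login-url"}
# Lines starting with '#' (comments) never match, because a key must be letters.
LINE_RE = re.compile(r"^\s*([A-Za-z-]+)\s*=\s*(.+?)\s*$")


def audit_siegerc(path):
    """Return findings about credential exposure in one siege config file."""
    findings = []
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            m = LINE_RE.match(line)
            if not m or m.group(1).lower() not in CRED_KEYS:
                continue
            key, value = m.group(1).lower(), m.group(2)
            findings.append(f"line {lineno}: {key} holds plaintext credentials")
            if key == "login-url" and value.lower().startswith("http://"):
                findings.append(f"line {lineno}: login-url sends them over HTTP")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if findings and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o}: group/other access; chmod 600")
    return findings


def demo():
    # Constructed sample config, audited at mode 0644 and again at 0600.
    sample = (
        "# constructed sample, not a real config\n"
        "verbose = false\n"
        "login = username:password\n"
        "login-url = http://my.example.com/login POST name=me&password=abc123\n"
    )
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)
    loose = audit_siegerc(fh.name)
    os.chmod(fh.name, 0o600)
    tight = audit_siegerc(fh.name)
    os.unlink(fh.name)
    return loose, tight


if __name__ == "__main__":
    print("\n".join(demo()[0]))
```

Point `audit_siegerc` at the ~/.siegerc used for a test run; the findings never echo the credential values themselves.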

Running a siege with bombard

Make sure you have 2 Perl modules, GD and Chart::Lines, then build/install bombard.

Running lots of sieges to create a dataset is easy with bombard:

bombard -r 3 -s 1 -i 1 -t 1 -f urls.txt -l siegelog