makinacorpus / drupal_audit

Drupal Audit
43 stars 7 forks source link

Add perfomance audit #10

Open SebCorbin opened 9 years ago

SebCorbin commented 9 years ago

Caches

Blocks

Cache de block activés ? Pourcentage de block non cachable -> prevenir en cas de trop de block custom dont cache mal configuré

Views

Voir le nombre de vues activées, vérifier leur cachabilité Modules Cache views, content cache ou row cache activés

Autre

Cache anonyme (detecter Varnish, ou cache drupal par défaut), check anonymous users really have cache hits (no sessions auto-activated by drupal_messages or special form things, for example) Cookie Cache Bypass Advanced (cookie NO_CACHE) Render cache ou Display cache activé Entity cache et Entity Cache Loader Memcache, Redis ou autre activé Detection de mod_expires et sa configuration (2x wget d'un asset) Si Rules présent -> prévenir préférer les hooks si pas besoin d'édition par l'admin Conseiller CDN ? Conseiller apdqc ?

Contrib

Fast 404 (module ou coeur) avec propositions de patterns dpuis dblog Aggregation JS/CSS core ou advagg Gulpifier - sprite - font d'icone (perf front) Image info cache si beaucoup d'images et/ou beaucoup de styles et/ou beaucoup d'effets Image API optimize

Modules installed

Disable update, overlay, statistics, color, ... Disable UIs Disable dblog, use syslog Show number of notices and warning in dblog Detect enable but missing modules Patch too many modules https://drupal.org/node/2263365#comment-8786605 Detect custom modules, process percentage of hook/function in .modules and includes, prefer *_load_include Locales bigger locale cache patch

Database

Detect DNS in database info (localhost, prefer 127.0.0.1 or unix socket) Tune mysql (prendre mysql tuner ?) Index slow queries Use Shadow module Optimize views http://redcrackle.com/blog/how-optimize-drupal-view-so-it-uses-inner-join-instead-left-join Mysql query cache (256 or 512M) innodb_file_per_table increase max limits for table_cache and descriptors use 50% of available RAM for inndb_buffer_pool_size Move semaphore table to memory Use READ COMMITTED for MySQL transactions Waiting for table metadata locks on cache* tables

Server

Prefer nginx over Apache Install PHP 5.5 for integrated APC with zend_opcode instead of apc, check opcode activation Use php-fpm

Security

Check Drupal core is up to date Check security issues for important modules (views, rules, etc) Check Information disclosure in http headers (Apache ->Token Prod, Nginx server_tokens off, PHP expose_php off ) Check drupal roles/acl assignement Check input filters configuration Check all custom code and templates for $_GET or $_POST bad usage, absence of render() calls, absence of check_markup, etc. Start with search forms. Check that SEO code is not reusing page titles in some google js settings without escaping the simple and double quotes.

regilero commented 9 years ago

I edited some things in your comment, though it was a things-to-remember-I-have-to-do note. maybe I should have added theses things in a comment, sorry.