SPX.
- totally free and confined to your infrastructure (i.e. no data leaks to a SaaS).
- very simple to use: just set an environment variable (command line script) or a query string parameter (web page) to get a flat profile as output. Thus, you are free of:
- multi metrics capable: 10 currently supported (various time metrics, memory, objects in use, I/O...).
- multi output formats capable: SPX does not require external / third party analysis tool as it can produce flat profile, which is sufficient in most cases, on its own. However, when you need to perform deeper analysis, SPX can output profile data in the following interoperable formats:
Requirements
- x86-64
- GNU/Linux
- zlib dev package (e.g. zlib1g-dev on Debian based distro)
- PHP 5.6 & 7+
- Non-ZTS (threaded) build of PHP (ZTS support is theoretical)
Installation
Prerequisites
Install the extension
Development status
Basic usage
CLI script
HTTP request
Advanced usage
Parameters
Available parameters
Setting parameters for CLI script
Setting parameters for HTTP request
- as a query string parameter:
https://...?SPX_KEY=<key>
. - as a request header:
SPX-KEY: <key>
. Since underscores (_
) are not allowed in header field name, you have to replace them with an en dash (-
).
HTTP
Security concern
- steal SPX output and get sensible information about your application.
- to a lesser extent, make a DoS attack against your application with a costly SPX profiling setup.
- IP address white list (exact string representation matching).
- Fixed secret random key (generated on your own) provided via a request header or query string parameter.
Configuration
Private environment
spx.http_enabled=1
spx.http_key="dev"
spx.http_ip_whitelist="127.0.0.1"
Best practices
- You should prefer profiling secured (HTTPS) URLs only.
- You should prefer set
SPX_KEY
via an HTTP header instead of a query string parameter. - You can take advantage of an header management browser extension for ease of use, but do not forget to restrict SPX headers to your domain.
Comments
Post a Comment