Mailing list: dev@httpd.apache.org
Message-ID: <34345.194.41.216.139.1177058791.squirrel@web.solnet.ch>
Date: Fri, 20 Apr 2007 10:46:31 +0200 (CEST)
Subject: RFE -- external overload procedure
From: "Juerg Umhang"
To: dev@httpd.apache.org

hello

please consider this posting as a request for enhancement

httpd knows about its overload situation.

---- [error] server reached MaxClients setting, consider raising the MaxClients setting

this overload is easily created by an external attacker. in case of an attack you have to react. best done on a lower osi-layer (iptables, pf, ...). realtime log analysis has its own odds and twists. we would prefer a call to an 'external helper procedure'.

the following patch is a quick and dirty implementation.

--- httpd-2.2.4/server/mpm/worker/worker.c.orig 2007-04-12 12:58:28.000000000 +0200 +++ httpd-2.2.4/server/mpm/worker/worker.c 2007-04-12 15:44:04.000000000 +0200 @@ -135,6 +135,7 @@ static fd_queue_t *worker_queue; static fd_queue_info_t *worker_queue_info; static int mpm_state = AP_MPMQ_STARTING; static int sick_child_detected; +static int reported = 0; /* The structure used to pass unique initialization info to each thread */ typedef struct { @@ -1514,7 +1515,6 @@ static void perform_idle_server_maintena /* terminate the free list */ if (free_length == 0) { /* only report this condition once */ - static int reported = 0; if (!reported) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, @@ -1522,6 +1522,10 @@ static void perform_idle_server_maintena "server reached MaxClients setting, consider" " raising the MaxClients setting"); reported = 1; + if(!fork()) { + system("/usr/local/bin/apache_overload"); + exit(0); + } } idle_spawn_rate = 1; } 
@@ -1550,6 +1554,7 @@ static void perform_idle_server_maintena } else if (idle_spawn_rate < MAX_SPAWN_RATE) { idle_spawn_rate *= 2; + reported = 0; } } }

in this context we have some questions:

-- do you think it makes sense to implement this feature ?
-- could it be done in a module (without the overhead of going through the scoreboard for each pre_connection call) ?
-- can we expect this enhancement in a future release ?

btw: we hope to see separately configurable timeouts ( http://httpd.apache.org/docs/2.2/mod/core.html#timeout ) very soon.

kind regards
juerg

--
input validation is for people who can't do forensics!
internet storm center at sans.org
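
Review bot: In the `@@ -1522,6 +1522,10 @@` hunk, `if(!fork())` never distinguishes a failed fork from the parent path: a return of -1 simply skips the block, so the helper silently does not run at the moment the server is already short of resources, and nothing is logged. Store the pid, report the -1 case through ap_log_error, and leave the child with `_exit()` rather than `exit(0)` so it does not run the calling process's atexit handlers or flush stdio buffers it inherited. The helper is also launched through `system()`, which goes via the shell, from a hard-coded path, and the child inherits the privileges and open descriptors of whichever process calls perform_idle_server_maintenance; exec the helper directly with a fixed argument vector, take the path from configuration, and reap the child, since nothing in the visible lines waits for it.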
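
Review bot: In the `@@ -1550,6 +1554,7 @@` hunk, `reported = 0;` sits inside the `else if (idle_spawn_rate < MAX_SPAWN_RATE)` branch, so the flag is re-armed only as a side effect of the spawn rate being doubled, which is not the same condition as the overload having ended. Because the same flag now gates both the log message and the helper, the existing comment "only report this condition once" no longer holds, and nothing bounds how often the helper is started: a load that hovers around the MaxClients limit produces a new error line and a new helper process each time the flag is cleared. Reset the flag where the code actually observes free slots again, add a minimum interval between helper runs, and give the now file-scope `reported` (moved in the `@@ -135,6 +135,7 @@` hunk) a more specific name.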