Dear all,

Before the GA announcement for 2.4.1, I think it would be helpful to mention the following in the 'Upgrading to 2.4 from 2.2' documentation:

In 2.2 and before, MaxRequestsPerChild was set to a default value of 10000 (defined in server/mpm/worker/mpm_default.h), which made sure that child processes were killed regularly, which has the effect that nasty memory leaking scripts (PHP for example) can't permanently fill up server resources. 

In 2.3/2.4, apart from being renamed to MaxConnectionsPerChild, this default value for this directive has been removed. This means that any user upgrading from 2.2 (or before) to 2.4, will have to keep an eye on the servers' resource usage, since the child requests will live indefinately until the httpd is restarted. 

I can see the point of removing this default setting to expose badly scripted resources, but for system administrators upgrading their Apache HTTPD and finding this out *after* their server has been effectively DoS'ed by those scripts, this could be documented better in the upgrade notes.

Any thoughts on this?

Kind regards,
Mathijs Schmittmann


--
Gr,

Mathijs