httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gil Disatnik <...@disatnik.com>
Subject Re: [users@httpd] Possible DDOS attack... ?
Date Sat, 18 Oct 2003 10:12:24 GMT
You are right, my bad... I am using 1.3.28
I have set MaxClients to 105 instead of the default because it used to kill 
my machine.

If I understand you right - a misconfigured client can result in spawning 
many apache childs?
I always thought that apache has 1 child per session regardless to the http 
connections the client is opening, and even if a user opens more of the 
same browser he uses - apache should still have a single child attending to 
this session.

So, what do you say? if it is indeed misconfigured clients, what can I do 
about it? more than 110 apache processes will choke the server, I find it a 
bit annoying that a single user going to a heavy page will spawn so many 
child processes...
I have:
MinSpareServers 10
MaxSpareServers 20
MaxClients 105

Thanks.

At 07:42 PM 10/15/2003, you wrote:
>Gil Disatnik wrote:
>
> > Actually - I do see a legitimate access on one of the virtual hosts access
> > log files, however, I see only a single GET for a one of the php files on
> > the server and then the other gets for the objects referred to by the php
> > output.
> > Could it be that apache is spawning a child process for every GET directive
> > even if it's the same session? could it be the user's client has a problem
> > and uses different session numbers all the time?
>
>Well, persistent connections/keep-alives are an optional thing.  A
>client can open a new connection for every object that it retrieves, and
>this is perfectly valid http behaivor.  Some clients and/or proxy
>servers just don't do persistent connections.
>
>As far as Apache and spawning, you didn't mention whether this is 1.x or
>2.x.  In 1.x, Apache uses the "prefork" method, which basically means
>that it keeps a pool of workers, and if it sees that there are less than
>some minimum number of free workers it will spawn more, up to the limit
>of 'MaxClients'.  So, if you only have a few workers and a lot of
>requests come in then Apache will spawn more, but it's not a 1:1 type of
>thing where every request causes a spawn -- that would result in
>terrible performance.
>
>Brian
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


Regards

Gil Disatnik
UNIX system administrator.

GibsonLP@EFnet
http://gil.disatnik.com

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
apt-get install slackware
--------------------------------------------------------------------
"Windows NT has detected mouse movement, you MUST restart
your computer before the new settings will take effect, [ OK ]"
--------------------------------------------------------------------
Windows is a 32 bit patch to a 16 bit GUI based on a 8 bit operating
system, written for a 4 bit processor by a 2 bit company which can
not stand 1 bit of competition.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-  


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message