httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver" <oliver...@gmail.com>
Subject RE: [users@httpd] Limiting connections per IP
Date Thu, 27 Sep 2007 17:45:42 GMT
On 27 September 2007 17:50, jslive@gmail.com wrote:
> Apache is a single-thread/process-per-connection server. In order for
> any apache module to handle a connection, it must be accepted by a
> thread/process and will thus count towards MaxClients until it gets
> dropped/responded to. There is no way to avoid that, short of major
> architectural changes (which are slowly appearing via the event mpm).
> 
> If you need to make sure that requests don't make it through to apache
> at all (and therefore don't count towards MaxClients), you really need
> to use your OS firewall. This is by far the most efficient way to
> handle the problem as well. So you may want to go back to looking at
> ways to fix iptables.

Ah thanks for the info, I suspected this might be the case, as I've tried
several modules all with the same result. Even the event mpm is not a
solution at this stage until PHP ceases to be un-recommended with threaded
apache.

I'll have a word with my VPS provider but I suspect they'll be unwilling to
make changes to the global system in order to patch the iptables bug in
Ubuntu. The connlimit iptables match would be ideal.

Oliver.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message