httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <i.ga...@brainsware.org>
Subject Re: [users@httpd] Some VirtualHosts extremely slow, others very fast
Date Thu, 09 Dec 2010 19:41:17 GMT

----- "Craig A. James" <cjames@emolecules.com> wrote:

> I have found the trigger for my horrible performance problem, but it
> is surprising.
> 
> Apache gets slow when there are too many "Allow from" directives, in
> this case, about 105 "Allow from" specs that are a mix of single IP
> addresses, partial IP address and netmasks:

105 allow froms shouldn't cause a 5 second delay.
Are you absolutely certain that you don't have HostnameLookups set
to something funny?

>    11.12.13.14
>    21.22.
>    21.123.0.0/16
> 
> ... and so forth.  Note that there are *no* hostnames, just IP
> addresses and netmasks so it's not a DNS lookup problem.
> 
> This is very consistent.  If we take out the "Allow from", Apache
> works.  If we add them back, the web site gets extremely slow.  But
> not for all users.  Only some customers see this problem; most have
> excellent performance all the time.
> 
> When we run wireshark to analyze TCP/IP traffic with all 105 "Allow
> from" in place, it starts dropping TCP/IP ACK packets and having to
> resend a lot of data.  When we take the "Allow from" out, the TCP/IP
> communication is smooth and fast.

Check if there's any DNS traffic going on that shouldn't.

> Has anyone else run into this, and if so, how do you fix it?

Put access control policies like this -- if they are so many --
in iptables.

> This is on Apache 2.2.14 on Ubuntu 10.04.
> 
> Thanks,
> Craig

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message