httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael D. Wood" <m...@itsecuritypros.org>
Subject Re: [users@httpd] Re: apache service interruption
Date Mon, 29 Jul 2013 07:25:53 GMT
Also, you should be able to limit simultaneous client connections with 
your firewall and pass the traffic in a syn proxy state. There are 
numerous ways to achieve this.

On 07/29/2013 03:18 AM, Michael D. Wood wrote:
> You can always compile from source ;)
> What version of Apache are you running?
>
> On 07/29/2013 02:59 AM, Grant wrote:
>>> Was it just an IP exhausting the apache service with too many 
>>> connections?  What do you see in the access logs?  I use OSSEC HIDS 
>>> on my apache servers to mitigate this.
>>
>> In the access log I see the same IP made many requests during the
>> service interruption and I think that exhausted the apache service.
>> It looks like there isn't a Gentoo ebuild for OSSEC HIDS.  Is there
>> another way to prevent this sort of thing?
>>
>> - Grant
>>
>>
>>>>> My server has 4GB RAM and uses nginx as a reverse proxy to 
>>>>> apache. A
>>>>> little while ago my website became inaccessible for about 30 
>>>>> minutes.
>>>>> I checked my munin graphs and it looks like apache processes 
>>>>> spiked to
>>>>> about 29 during this time which is many times greater than usual. 
>>>>> I
>>>>> have MaxClients at 30 and the error log verifies that MaxClients 
>>>>> was
>>>>> not reached.  The strange part is system disk latency shows a 
>>>>> spike
>>>>> during the interruption which is only very slightly greater than 
>>>>> other
>>>>> spikes which did not interrupt service.  System CPU, memory, and 
>>>>> swap
>>>>> usage don't show anything interesting at all.
>>>>>
>>>>> Does this make sense to anyone?  Should I decrease MaxClients?
>>>>>
>>>>> - Grant
>>>>
>>>>I've looked over my access_log and I can see there is a particular 
>>>> IP
>>>>which was making many requests during the interruption.  Since 
>>>> munin
>>>>does not show there was an excessive amount of memory or CPU usage,
>>>>lowering MaxClients won't help?
>>>>
>>>>- Grant
>>
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message