httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant <emailgr...@gmail.com>
Subject Re: [users@httpd] Re: apache service interruption
Date Mon, 29 Jul 2013 18:07:43 GMT
> Also, you should be able to limit simultaneous client connections with your
> firewall and pass the traffic in a syn proxy state. There are numerous ways
> to achieve this.

Is that the best way to go besides OSSEC HIDS?  I can imagine that
sort of thing could cause problems.

- Grant


>> You can always compile from source ;)
>> What version of Apache are you running?
>>
>> On 07/29/2013 02:59 AM, Grant wrote:
>>>>
>>>> Was it just an IP exhausting the apache service with too many
>>>> connections?  What do you see in the access logs?  I use OSSEC HIDS on my
>>>> apache servers to mitigate this.
>>>
>>>
>>> In the access log I see the same IP made many requests during the
>>> service interruption and I think that exhausted the apache service.
>>> It looks like there isn't a Gentoo ebuild for OSSEC HIDS.  Is there
>>> another way to prevent this sort of thing?
>>>
>>> - Grant
>>>
>>>
>>>>>> My server has 4GB RAM and uses nginx as a reverse proxy to apache.
A
>>>>>> little while ago my website became inaccessible for about 30 minutes.
>>>>>> I checked my munin graphs and it looks like apache processes spiked
to
>>>>>> about 29 during this time which is many times greater than usual.
I
>>>>>> have MaxClients at 30 and the error log verifies that MaxClients
was
>>>>>> not reached.  The strange part is system disk latency shows a spike
>>>>>> during the interruption which is only very slightly greater than
other
>>>>>> spikes which did not interrupt service.  System CPU, memory, and
swap
>>>>>> usage don't show anything interesting at all.
>>>>>>
>>>>>> Does this make sense to anyone?  Should I decrease MaxClients?
>>>>>>
>>>>>> - Grant
>>>>>
>>>>>
>>>>> I've looked over my access_log and I can see there is a particular IP
>>>>> which was making many requests during the interruption.  Since munin
>>>>> does not show there was an excessive amount of memory or CPU usage,
>>>>> lowering MaxClients won't help?
>>>>>
>>>>> - Grant

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message