httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant <>
Subject Re: [users@httpd] Re: apache service interruption
Date Mon, 29 Jul 2013 18:07:43 GMT
> Also, you should be able to limit simultaneous client connections with your
> firewall and pass the traffic in a syn proxy state. There are numerous ways
> to achieve this.

Is that the best way to go besides OSSEC HIDS?  I can imagine that
sort of thing could cause problems.

- Grant

>> You can always compile from source ;)
>> What version of Apache are you running?
>> On 07/29/2013 02:59 AM, Grant wrote:
>>>> Was it just an IP exhausting the apache service with too many
>>>> connections?  What do you see in the access logs?  I use OSSEC HIDS on my
>>>> apache servers to mitigate this.
>>> In the access log I see the same IP made many requests during the
>>> service interruption and I think that exhausted the apache service.
>>> It looks like there isn't a Gentoo ebuild for OSSEC HIDS.  Is there
>>> another way to prevent this sort of thing?
>>> - Grant
>>>>>> My server has 4GB RAM and uses nginx as a reverse proxy to apache.
>>>>>> little while ago my website became inaccessible for about 30 minutes.
>>>>>> I checked my munin graphs and it looks like apache processes spiked
>>>>>> about 29 during this time which is many times greater than usual.
>>>>>> have MaxClients at 30 and the error log verifies that MaxClients
>>>>>> not reached.  The strange part is system disk latency shows a spike
>>>>>> during the interruption which is only very slightly greater than
>>>>>> spikes which did not interrupt service.  System CPU, memory, and
>>>>>> usage don't show anything interesting at all.
>>>>>> Does this make sense to anyone?  Should I decrease MaxClients?
>>>>>> - Grant
>>>>> I've looked over my access_log and I can see there is a particular IP
>>>>> which was making many requests during the interruption.  Since munin
>>>>> does not show there was an excessive amount of memory or CPU usage,
>>>>> lowering MaxClients won't help?
>>>>> - Grant

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message