Re: Re: apache service interruption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> Also, you should be able to limit simultaneous client connections with your
> firewall and pass the traffic in a syn proxy state. There are numerous ways
> to achieve this.

Is that the best way to go besides OSSEC HIDS?  I can imagine that
sort of thing could cause problems.

- Grant


>> You can always compile from source ;)
>> What version of Apache are you running?
>>
>> On 07/29/2013 02:59 AM, Grant wrote:
>>>>
>>>> Was it just an IP exhausting the apache service with too many
>>>> connections?  What do you see in the access logs?  I use OSSEC HIDS on my
>>>> apache servers to mitigate this.
>>>
>>>
>>> In the access log I see the same IP made many requests during the
>>> service interruption and I think that exhausted the apache service.
>>> It looks like there isn't a Gentoo ebuild for OSSEC HIDS.  Is there
>>> another way to prevent this sort of thing?
>>>
>>> - Grant
>>>
>>>
>>>>>> My server has 4GB RAM and uses nginx as a reverse proxy to apache. A
>>>>>> little while ago my website became inaccessible for about 30 minutes.
>>>>>> I checked my munin graphs and it looks like apache processes spiked to
>>>>>> about 29 during this time which is many times greater than usual. I
>>>>>> have MaxClients at 30 and the error log verifies that MaxClients was
>>>>>> not reached.  The strange part is system disk latency shows a spike
>>>>>> during the interruption which is only very slightly greater than other
>>>>>> spikes which did not interrupt service.  System CPU, memory, and swap
>>>>>> usage don't show anything interesting at all.
>>>>>>
>>>>>> Does this make sense to anyone?  Should I decrease MaxClients?
>>>>>>
>>>>>> - Grant
>>>>>
>>>>>
>>>>> I've looked over my access_log and I can see there is a particular IP
>>>>> which was making many requests during the interruption.  Since munin
>>>>> does not show there was an excessive amount of memory or CPU usage,
>>>>> lowering MaxClients won't help?
>>>>>
>>>>> - Grant

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux