Re: Howto accept only one connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver,

On 2/19/16 10:11 AM, Oliver Graute wrote:
> On 19/02/16, Aurélien Terrestris wrote:
>> Hello,
>> 
>> I'm not sure we can accept only one connection at a given time. I
>> tested with the "prefork MPM", and I only achieve 1 concurrent
>> request being processed at a given time and all others requests
>> are buffered (ListenBackLog doesn't seem to work on my server).
>> Once the 1st request has been processed, the other ones are
>> processed one after the other.
>> 
>> If running on a Linux, maybe should you configure the iptables to
>> limit connections to 1 for the httpd port. Behind a F5
>> loadbalancer, there is the Connection Limit parameter on the
>> virtual server which can be set.
>> 
>> 
>> my httpd conf :
>> 
>> ./configure .....  --with-mpm=prefork
>> 
>> <IfModule mpm_prefork_module> StartServers             1 
>> MinSpareServers          1 MaxSpareServers          0 
>> MaxRequestWorkers        1 MaxConnectionsPerChild   0 
>> ListenBacklog            1 ServerLimit              1 
>> </IfModule>
> 
> thx for this proposal, i will try it this way...

I'm kind of curious why you are using Apache httpd if you just want a
single connection to be available. Anyone can write a
single-connection HTTP service in about two pages of higher-level
source code (e.g. Python, Java, C#, maybe even Perl). This is a bit
like using a Saturn V rocket to launch a weather balloon.

For a single connection, make sure that you disable keepalive -- or at
least set the keep alive timeout to something small, like 1 second.
Otherwise, you'll DOS yourself quite easily. I would also set the TCP
backlog to something small. Maybe as little as 1 (or 0, if that
doesn't actually mean "backlog until we run out of memory").

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlbHMyAACgkQ9CaO5/Lv0PCRigCfTmzndG7agsZ9EmwM0sJTLMV9
ccAAoLD/DvkLbrsZhNnQMRXDQGRU+KOR
=NC4e
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux