Note Apache httpd also has a non-third party module called mod_reqtimeout to prevent SlowLoris attacks 2017-10-09 13:40 GMT+02:00 Hajo Locke <Hajo.Locke@xxxxxx>: > Hello, > > > Am 09.10.2017 um 12:33 schrieb Hajo Locke: >> >> Hello List, >> >> found today an abnormality in my apachestatus for some servers. >> There are a lot of "h2 idle, streams" in apachestatus. This looks like >> this: >> >> 14-0 28241 0/41/41 K 0.25 128 1 0.0 0.10 0.10 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 15-0 28242 0/11/11 K 0.25 120 1 0.0 0.61 0.61 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 16-0 28243 0/15/15 K 0.22 8 1 0.0 0.39 0.39 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 17-0 28245 0/25/25 K 0.40 278 1 0.0 1.13 1.13 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 18-0 28246 0/46/46 K 0.52 35 54 0.0 1.53 1.53 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 19-0 28250 0/7/7 K 0.12 58 0 0.0 0.02 0.02 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 20-0 28277 0/3/3 K 0.24 243 66 0.0 0.23 0.23 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 21-0 28278 0/8/8 K 0.15 102 1 0.0 0.29 0.29 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> 22-0 28280 0/5/5 K 0.12 18 1 0.0 0.31 0.31 ip.ip.ip.ip h2 idle, >> streams: 0/0/0/0/0 (open/recv/resp/push/rst) >> >> Some servers have hundreds of this, never noticed this before. >> This connections have status K or W. Ist this a kind of attack to reach >> MaxRequestWorkers? >> It seems the number of this connections can be reduced by reducing >> H2MaxWorkerIdleSeconds to a lower value. >> Apacheversion is 2.4.27. >> What should i do now? > > it seems that i found problem. it looks like standard-dos with slowloris. i > think i just was confused by mod_http2 output. deactivating http2 just shows > same problem with http1.1 > mod_qos is a really good helper for this kind of problems. > >> >> Thanks, >> Hajo >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx