Re: high count h2 idle streams

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Note Apache httpd also has a non-third party module called
mod_reqtimeout to prevent SlowLoris attacks

2017-10-09 13:40 GMT+02:00 Hajo Locke <Hajo.Locke@xxxxxx>:
> Hello,
>
>
> Am 09.10.2017 um 12:33 schrieb Hajo Locke:
>>
>> Hello List,
>>
>> found today an abnormality in my apachestatus for some servers.
>> There are a lot of "h2  idle, streams" in apachestatus. This looks like
>> this:
>>
>> 14-0 28241 0/41/41 K  0.25 128 1 0.0 0.10 0.10  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 15-0 28242 0/11/11 K  0.25 120 1 0.0 0.61 0.61  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 16-0 28243 0/15/15 K  0.22 8 1 0.0 0.39 0.39  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 17-0 28245 0/25/25 K  0.40 278 1 0.0 1.13 1.13  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 18-0 28246 0/46/46 K  0.52 35 54 0.0 1.53 1.53  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 19-0 28250 0/7/7 K  0.12 58 0 0.0 0.02 0.02  ip.ip.ip.ip h2  idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 20-0 28277 0/3/3 K  0.24 243 66 0.0 0.23 0.23  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 21-0 28278 0/8/8 K  0.15 102 1 0.0 0.29 0.29  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 22-0 28280 0/5/5 K  0.12 18 1 0.0 0.31 0.31  ip.ip.ip.ip h2  idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>>
>> Some servers have hundreds of this, never noticed this before.
>> This connections have status K or W. Ist this a kind of attack to reach
>> MaxRequestWorkers?
>> It seems the number of this connections can be reduced by reducing
>> H2MaxWorkerIdleSeconds to a lower value.
>> Apacheversion is 2.4.27.
>> What should i do now?
>
> it seems that i found problem. it looks like standard-dos with slowloris. i
> think i just was confused by mod_http2 output. deactivating http2 just shows
> same problem with http1.1
> mod_qos is a really good helper for this kind of problems.
>
>>
>> Thanks,
>> Hajo
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>



-- 
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux