Is you mean below lines in "httpd.conf" file?
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
On Thursday, January 14, 2021, 11:43:33 PM GMT+3:30, Richard <lists-apache@xxxxxxxxxxxxxxxxxxxxx> wrote:
You should look at adding the %D and %T format strings to your httpd
access log configuration so that you can capture the amount of time
spent in delivery of a resource.
> Date: Thursday, January 14, 2021 11:48:55 +0000
> From: Jason Long <hack3rcon@xxxxxxxxx.INVALID>
>
> Server have 4 CPU cores and 6GB of RAM.
> I pasted Apache configuration. In your opinion, which parts of
> servers must be examine?
>
>
> On Wednesday, January 13, 2021, 08:30:58 PM GMT+3:30, @lbutlr
> <kremels@xxxxxxxxx> wrote:
>
>
>> On 12 Jan 2021, at 01:52, Jason Long <hack3rcon@xxxxxxxxx.INVALID>
>> wrote:
>>
>> It show me:
>>
>> 13180 X.X.X.X
>> 1127 X.X.X.X
>> 346 X.X.X.X
>> 294 X.X.X.X
>> 241 X.X.X.X
>> 169 X.X.X.X
>> 168 X.X.X.X
>> 157 X.X.X.X
>> 155 X.X.X.X
>> 153 X.X.X.X
>
> Your server would not be getting bogged down by that few
> connections unless your hardware is very weak or you are hosting
> something insane.
>
> I have a very lightly used web server that gets more than 40K hits
> a day running on a Celeron machine with a whole 4GB of RAM and my
> load average is in the 1.2 range consistently.
>
> I wonder if there is not some configuration error.
>
> Also, the URLs shown in your logs starting with /tag/ followed by a
> long series of hex digits, do those look like valid URLs for your
> server?
>
> Do a dig -x on the IP that is hitting you 13,000 times and see
> where it is. You can try firewalling it, but if it's not some
> misconfigured server, the DOS will simply move to another IP.
>
>> https://paste.ubuntu.com/p/PsxM8yPXPQ/
>
> I haven't run F2B in quite a while, but is that a list of IPs that
> you are whitelisiing or does [Protect] mean "Protect FROM"?
>
> But if 13,000 queries are crippling your web server, I think your
> real problem lies elsewhere than the 13,000 hits.
>
> (You are loading almost double the modules that I am, by the way.
> It seems like an lot. Do you know why each of those modules is
> enabled?)
------------ End Original Message ------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|