On 27 September 2007 17:50, jslive@xxxxxxxxx wrote:
> Apache is a single-thread/process-per-connection server. In order for
> any apache module to handle a connection, it must be accepted by a
> thread/process and will thus count towards MaxClients until it gets
> dropped/responded to. There is no way to avoid that, short of major
> architectural changes (which are slowly appearing via the event mpm).
>
> If you need to make sure that requests don't make it through to apache
> at all (and therefore don't count towards MaxClients), you really need
> to use your OS firewall. This is by far the most efficient way to
> handle the problem as well. So you may want to go back to looking at
> ways to fix iptables.

Ah thanks for the info, I suspected this might be the case, as I've tried
several modules all with the same result. Even the event mpm is not a
solution at this stage until PHP ceases to be un-recommended with threaded
apache.

I'll have a word with my VPS provider but I suspect they'll be unwilling to
make changes to the global system in order to patch the iptables bug in
Ubuntu. The connlimit iptables match would be ideal.

Oliver.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
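
An added example, not part of the thread and not Apache or iptables code: where the connlimit match is unavailable, the per-client count it would cap can still be measured from `ss -Htn` output, to see how many MaxClients slots one source is holding. The sample output, the per-IP limit of 3 and the MaxClients value of 150 are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed `ss -Htn` sample (State Recv-Q Send-Q Local Peer); not from the thread.
SAMPLE_SS = """\
ESTAB      0  0  203.0.113.10:80           198.51.100.7:51012
ESTAB      0  0  203.0.113.10:80           198.51.100.7:51013
ESTAB      0  0  203.0.113.10:80           198.51.100.7:51014
SYN-RECV   0  0  203.0.113.10:80           198.51.100.7:51015
ESTAB      0  0  203.0.113.10:80           192.0.2.44:40100
ESTAB      0  0  203.0.113.10:22           192.0.2.44:40200
TIME-WAIT  0  0  203.0.113.10:80           192.0.2.44:40101
ESTAB      0  0  [::ffff:203.0.113.10]:80  [::ffff:198.51.100.7]:51016
ESTAB      0  0  [2001:db8::1]:80          [2001:db8::beef]:55000
"""

# Only established connections hold (or are queued for) an Apache worker.
ACTIVE = {"ESTAB"}

def _split(endpoint):
    """Split 'addr:port' or '[v6addr]:port'; fold IPv4-mapped IPv6 into IPv4."""
    host, _, port = endpoint.rpartition(":")
    addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr), int(port)

def per_client_connections(ss_output, port=80):
    """Count established connections to `port`, keyed by client address."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ACTIVE:
            continue  # header, blank line, or a state that ties up no worker
        try:
            (_, lport), (peer, _) = _split(fields[3]), _split(fields[4])
        except ValueError:
            continue  # wildcard or otherwise unparseable endpoint
        if lport == port:
            counts[peer] += 1
    return counts

def over_limit(counts, per_ip_limit, max_clients):
    """Return (ip, connections, share of MaxClients) for sources above the limit."""
    return [(ip, n, n / max_clients)
            for ip, n in counts.most_common() if n > per_ip_limit]

if __name__ == "__main__":
    for ip, n, share in over_limit(per_client_connections(SAMPLE_SS), 3, 150):
        print(f"{ip}: {n} connections, {share:.1%} of MaxClients")
```

This only reports the count; the connections it lists have already been accepted and still count towards MaxClients, which is why the quoted advice points to the firewall.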