Hey James,

All your config proposals are DoS/DDoS relevant.

Timeouts mean that a client can block a process or a thread (depending on your MPM) for a given time. A high timeout means it will be blocked longer. A blocked process cannot serve other clients. If you were a bank and you would allow a customer to stand in front of one of your clerks without saying a word for 7200 seconds, then this would be an invitation to block all your clerks with only 10 people or so. Unless you are a really big bank and it takes 25 or 50.

A connection to your server means ram (and a few cpu cycles). 2000 maxclients means up to 2000 times the amount of ram. A typical apache process (in prefork mode) takes a couple of MBs. 2000 apache processes are a fairly big amount of ram.

On Tue, Oct 16, 2007 at 08:33:28AM -0500, James Wuerflein wrote:
> #Timeout 300 - Default
> Timeout 7200

This means that a client can keep a request open for 7200 seconds. Unless you absolutely have to configure it that way, do not do that. Keep the default or lower it to reasonable values. Timeout 30 sounds sane to me.

> KeepAlive On
>
> MaxKeepAliveRequests 100
> ### * MaxKeepAliveRequests 0 *- thinking I should change this to 0 ?

No. Stick with the default. It means that a client cannot block a process/thread until all eternity, but will have to reconnect from time to time.

>
> #KeepAliveTimeout 15 - Default
> KeepAliveTimeout 7200

Stick with the default or lower it to something around 5. 5 means the client gets an html page and can fetch all gifs/pngs belonging to the page via the same tcp connection. But for the next click (after more than 5 seconds, that is) he will have to open a new connection. 7200 seconds means that he browses your page, goes away to read slashdot, but your webserver waits for 7200s to see if he can serve him again. Usually not a good idea.

> MinSpareServers 5
> MaxSpareServers 20

This is totally dependent on your traffic. If you work with apache2, leave it alone and stick with the default unless you know what you are doing and you need to reconfigure it.

> MaxClients 2000

Do you have a maximum of 2000 apache processes / threads available on this server? If not, then set it to the number of clients you are willing to serve at the same time. Note that this is actually not the number of individual clients, but the number of connections. Your typical browser opens up to four connections in parallel.

If we return to the bank: This is the number of clerks you want to have to take care of your customers. Ideally this is a number higher than your maximum load and very close to the value where the server crashes. Proper performance testing should reveal the good value. (For completeness: Imagine your bank customers having four heads to keep four clerks busy.)

> MaxRequestsPerChild 0

Leave it at the default value. If you have a broken module or some other nasty thing, it might eat all your ram. By telling a child to die after n requests, this memory leak is covered and the memory is freed.

Under the line: Unless you know what you are doing: Stick with the default timeout values, do rather not mess with Min/MaxSpareServers (apache2 knows quite well what is best for him) and if you absolutely have to tune things, then lower the default timeout.

just my 2 cents.

Christian Folini
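The checks from the reply above can be turned into a small config lint. This is an added example, not part of the original message or of the Apache project; the function names, the 4096 MB RAM figure and the 5 MB-per-process figure are assumptions chosen for illustration.

```python
import re

# Defaults as quoted in the thread's commented-out lines.
DEFAULTS = {"Timeout": 300, "KeepAliveTimeout": 15, "MaxKeepAliveRequests": 100}

# The posted settings, transcribed from the quoted lines in the thread.
POSTED = """\
#Timeout 300 - Default
Timeout 7200
KeepAlive On
MaxKeepAliveRequests 100
### * MaxKeepAliveRequests 0 *- thinking I should change this to 0 ?
#KeepAliveTimeout 15 - Default
KeepAliveTimeout 7200
MinSpareServers 5
MaxSpareServers 20
MaxClients 2000
MaxRequestsPerChild 0
"""

def parse_directives(conf_text):
    """Return {directive: int} for active numeric directives; the last one wins."""
    found = {}
    for line in conf_text.splitlines():
        # Commented lines start with '#', which \w does not match, so they are skipped.
        m = re.match(r"(\w+)\s+(\d+)\s*$", line.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def audit(conf_text, ram_mb, mb_per_process):
    """Flag settings that let idle clients pin workers or exhaust RAM, per the reply."""
    d = parse_directives(conf_text)
    findings = []
    for name in ("Timeout", "KeepAliveTimeout"):
        if d.get(name, DEFAULTS[name]) > DEFAULTS[name]:
            findings.append(f"{name} {d[name]}: above default {DEFAULTS[name]}, "
                            "a silent client holds a worker that long")
    if d.get("MaxKeepAliveRequests", DEFAULTS["MaxKeepAliveRequests"]) == 0:
        findings.append("MaxKeepAliveRequests 0: a client never has to reconnect")
    if d.get("MaxRequestsPerChild") == 0:
        findings.append("MaxRequestsPerChild 0: children never recycle, leaks accumulate")
    need = d.get("MaxClients", 0) * mb_per_process
    if need > ram_mb:
        findings.append(f"MaxClients {d['MaxClients']}: ~{need} MB at full load "
                        f"exceeds {ram_mb} MB of RAM")
    return findings

if __name__ == "__main__":
    # Assumed host: 4096 MB RAM, 5 MB per prefork process ("a couple of MBs").
    for finding in audit(POSTED, ram_mb=4096, mb_per_process=5):
        print(finding)
```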