On Nov 18, 2007 10:28 AM, Ben Macintosh <bmac.list@xxxxxxxxx> wrote: > Hi > I'm currently facing a problem which I can't find any help for. > Every once in a while, my webserver doesn't respond to requests > anymore, i.e. the browser simply keeps on loading but doesn't get any > data. > > Using the status mod I found that in such a situation every possible > "slot" is being used by requests staying in "..reading.." status. > After restarting apache all the pending requests get processed but > after a few seconds all the slots are being blocked by the > "..reading.." status again. > > After some tests I could reproduce the situation with simply > initiating multiple telnet session to the webserver without sending > any data. Every such request blocks a slot for the default timeout of > 300 seconds. > > Is this common behaviour? If so, how to prevent it? > As I understand the issue it's a very simple DoS as it neither does > require a lot of cpu nor bandwidth on the client side. See: http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos The standard solution is a simple firewall rule to control number of connections per ip at some reasonable level. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|