On Thu, Sep 14, 2006 at 05:14:55PM +0200, Willem Jan Withagen wrote: > I had several suggestions this direction. And it does help a little. > The math is however against me. > > I had over 50 request/sec for this file. Now if the virus uses anything > which leaves the connection open for regular timeout, and the server uses > keepAlive. Then you are running into trouble because you soon run out of > server slots. And even if you were to up with the standard apache settings > for 15 secs, you have to set it at 750 serverslots. > > A serverslot takes about 13Mb virtual memory of which is about 8M resident. > The machine has 512mb real memory, so after about 60 servers the machine > starts to swap. Which works until about 100-150 serverslots (empirical > prove). > Now imagine what 500 would do, which is the initial setting for the number > of MaxServers. The machine comes to a grinding halt. Which was what we also > painfully found out. > > So solutions here are: > either a very short keepalive timeout > or no keepalive at all. > > Note that since this morning over 45.000 infected systems tried to access > this server.
<puts on evil hat> Configure Apache to issue a HTTP 302 redirect to some big file on microsoft.com You might even be able to get them to download the Windows Defender thing to clean up their systems </puts on evil hat> You might still have to turn off keepalives :-( _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
