I have found the trigger for my horrible performance problem, but it is surprising.
Apache gets slow when there are too many "Allow from" directives, in this case, about 105 "Allow from" specs that are a mix of single IP addresses, partial IP address and netmasks: 11.12.13.14 21.22. 21.123.0.0/16 ... and so forth. Note that there are *no* hostnames, just IP addresses and netmasks so it's not a DNS lookup problem. This is very consistent. If we take out the "Allow from", Apache works. If we add them back, the web site gets extremely slow. But not for all users. Only some customers see this problem; most have excellent performance all the time. When we run wireshark to analyze TCP/IP traffic with all 105 "Allow from" in place, it starts dropping TCP/IP ACK packets and having to resend a lot of data. When we take the "Allow from" out, the TCP/IP communication is smooth and fast. Has anyone else run into this, and if so, how do you fix it? This is on Apache 2.2.14 on Ubuntu 10.04. Thanks, Craig
On Dec 9, 2010 1:24 PM, "Craig A. James" <cja...@emolecules.com <mailto:cja...@emolecules.com>> wrote: We operate one public web site and about 20 private web sites. They're all the same server, running the same Apache server instance (2.2.14-5ubuntu8.3). Most customers get excellent performance, but two customers get terrible response times, but only on *some* of the VirtualHosts. They get excellent responses from our public site, but the very same page served from a private site can take over a minute to load. The VirtualHosts are configured identically except for the "Allow from" and "ServerName" directives. As far as I can tell, everything else is identical (except the specific database it uses, but for these tests we're only loading static HTML pages). It appears that "www.ourdomain.com <http://www.ourdomain.com>" VirtualHosts always work, but "xyz.ourdomain.com <http://xyz.ourdomain.com>" VirtualHosts give problems. Examining TCP/IP traffic using WireShark, it looks like the slow virtual hosts are dropping ACK packets. Each TCP/IP conversation starts out fast, but then there's a 5-second gap in the middle of every HTTP response. Yet if the very same user accesses a different VirtualHost, there is no problem at all. We've been trying to figure this out for weeks with no luck. Any ideas would be greatly appreciated. Craig --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org <mailto:users-unsubscr...@httpd.apache.org> " from the digest: users-digest-unsubscr...@httpd.apache.org <mailto:users-digest-unsubscr...@httpd.apache.org> For additional commands, e-mail: users-h...@httpd.apache.org <mailto:users-h...@httpd.apache.org>
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
