Re: [users@httpd] Re: apache service interruption

Mon, 29 Jul 2013 19:43:14 -0700

You wouldn't keep a syn proxy rule enabled all the time; only under a DoS attack. You could also implement ModSecurity. 

On 07/29/2013 02:07 PM, Grant wrote:
Also, you should be able to limit simultaneous client connections with your firewall and pass the traffic in a syn proxy state. There are numerous ways 
to achieve this.


Is that the best way to go besides OSSEC HIDS?  I can imagine that
sort of thing could cause problems.

- Grant



You can always compile from source ;)
What version of Apache are you running?

On 07/29/2013 02:59 AM, Grant wrote:


Was it just an IP exhausting the apache service with too many

connections?  What do you see in the access logs?  I use OSSEC 
HIDS on my

apache servers to mitigate this.



In the access log I see the same IP made many requests during the

service interruption and I think that exhausted the apache 
service.
It looks like there isn't a Gentoo ebuild for OSSEC HIDS.  Is 
there

another way to prevent this sort of thing?

- Grant



My server has 4GB RAM and uses nginx as a reverse proxy to 
apache. A
little while ago my website became inaccessible for about 30 
minutes.
I checked my munin graphs and it looks like apache processes 
spiked to
about 29 during this time which is many times greater than 
usual. I
have MaxClients at 30 and the error log verifies that 
MaxClients was
not reached.  The strange part is system disk latency shows a 
spike
during the interruption which is only very slightly greater 
than other
spikes which did not interrupt service.  System CPU, memory, 
and swap

usage don't show anything interesting at all.

Does this make sense to anyone?  Should I decrease MaxClients?

- Grant




I've looked over my access_log and I can see there is a 
particular IP
which was making many requests during the interruption.  Since 
munin
does not show there was an excessive amount of memory or CPU 
usage,

lowering MaxClients won't help?

- Grant


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org























					Reply via email to