The defaults in the docs really cater to a low-traffic server; perhaps there should be a note to that effect.
On Wed, 26 Oct 2022 at 01:47, Mike Dewhirst <mi...@dewhirst.com.au> wrote: > On 26/10/2022 12:45 pm, Frank Gingras wrote: > > You could temporarily increase your ThreadsPerChild, as 25 is extremely > low and increases the chances of that bug occurring. > > > Thanks Frank > > These are the adjustments I made ... > > ThreadLimit 500 #64 > ThreadsPerChild 250 #25 > > The server is not heavily used other than by script-kiddies looking for > php hacks. My next project is to find some way to black-hole anything with > php or wp in the request. Maybe a redirect to google or something. > > > I'd have to find out what fix applies to this bug, and why your > installation is still vulnerable. Perhaps your distro used backports. > > > I can't answer such questions. > > But the defaults were very restrictive originally - set by DigitalOcean I > suppose. I changed them to the defaults specified in the Apache docs - per > the comment lines in my original post. > > Thanks for responding so quickly. > > Cheers > > mike > > > On Tue, 25 Oct 2022 at 20:02, Mike Dewhirst <mi...@dewhirst.com.au> wrote: > >> My Apache 2.4.52 is crashing with a bug apparently eliminated in 2.4.7. >> >> Server Version: Apache/2.4.52 (Ubuntu 2022.04) OpenSSL/3.0.2 >> mod_wsgi/4.9.0 Python/3.10 >> Server MPM: event >> Server Built: 2022-06-14T12:30:21 >> >> DigitalOcean droplet 8GB memory, dedicated CPU. >> >> The log says ... >> [Mon Oct 24 04:50:35.867241 2022] [mpm_event:error] [pid 904:tid >> 140622640994176] AH03490: scoreboard is full, not at >> MaxRequestWorkers.Increase ServerLimit. >> >> mpm-event.conf ... >> # event MPM >> # ServerLimit: Upper limit on configurable number of processes (default >> 16) >> # StartServers: initial number of server processes to start (default 3) >> # MinSpareThreads: minimum number of worker threads which are kept spare >> (default 75) >> # MaxSpareThreads: maximum number of worker threads which are kept spare >> (default 250) >> # ThreadLimit: upper limit on the configurable number of threads per >> child process (default 64) >> # ThreadsPerChild: constant number of worker threads in each server >> process (default 25) >> # MaxRequestWorkers: maximum number of worker threads >> (ServerLimit*ThreadsPerChild) >> # MaxConnectionsPerChild: maximum number of requests a server process >> serves >> <IfModule mpm_event_module> >> ServerLimit 16 >> StartServers 3 >> MinSpareThreads 75 >> MaxSpareThreads 250 >> ThreadLimit 64 >> ThreadsPerChild 25 >> AsyncRequestWorkerFactor 2 >> MaxRequestWorkers 400 >> MaxConnectionsPerChild 0 >> </IfModule> >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> > > -- > Signed email is an absolute defence against phishing. This email has > been signed with my private key. If you import my public key you can > automatically decrypt my signature and be sure it came from me. Just > ask and I'll send it to you. Your email software can handle signing. > >
