odd behavior in apache 2.0.58 today
John Von Essen
john at essenz.com
Tue Jul 18 18:39:25 UTC 2006
Did some googling and I did find a connection between excessive
CLOSED_WAITS, and hanging apache, and webbots. Some of the IP's I saw in
my netstat were bots too. The problem has something to do with the bot no
longer accepting data, but apache will continue to send it back since the
bot didn't close the connection.
Because my MaxClients was set to 150, my server got so bogged down, that
it actually crashed and I had to power cycle. I moved that down to 75,
which is still more than enough for me, so if it happens again, my system
should remain up in order to restart apache.
Any ideas if I can tweak apache to prevent this from happening? Maybe
I have to allow bots, maybe some are worse then others.
On Tue, 18 Jul 2006, Doug Barton wrote:
> John Von Essen wrote:
>> Had a little crash today, that appears to be apache related, but is
>> confusing nonetheless.
>> My server hosts a fair amount of websites, but nothing crazy. Uptime is
>> usually only 0.5. Anyway, it got real slow, when I finally logged in,
>> uptime was 152, ps -aux showed alot of apache pids, over a 100 (its
>> usually 10 or so), and a netstat -an showed alot of connections to port
>> 80. The odd thing though was all the connections were CLOSED_WAIT
>> Machine is running 6-STABLE, and has 1Gb of memory, with a HT P4 3.2
>> GHz. And the HT has been turned on, even though its disabled by default.
>> Any ideas as to what is going on? Is there maybe an issue with apache
>> that triggered something, or maybe it was just a random DoS attack.
> Back when I was doing hosting I saw that same behavior with Apache 1.x when
> a very aggressive spider went after sites on our systems. Restarting Apache
> was usually all it took to set things right again.
> This .signature sanitized for your protection
> freebsd-hackers at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
More information about the freebsd-hackers