From: Damien Fleuriot
Date: Thu, 21 Jun 2012 09:32:18 +0200
To: n dhert
Cc: "freebsd-questions@freebsd.org"
Subject: Re: apache PHP suhosin load

On 21 Jun 2012, at 08:34, n dhert wrote:

> On FreeBSD 8.3 I have apache22 web server with PHP. PHP is PHP52 for
> compatibility with existing applications, but the most recent version
> in the php52 branch
> $ php --version
> PHP 5.2.17 with Suhosin-Patch 0.9.7 (cli) (built: May 7 2012 08:45:58)
>
> From time to time, I notice in a top output, that a huge number of httpd
> daemons are being started, making the load rapidly increase to levels of
> 5, 10, 15, ... and very slow interactive response ...
>
> Stopping apache makes the load rapidly decrease to a normal level.
>
> I noticed at the console, at stopping apache, several messages such as
>
> Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: ALERT -
> canary mismatch on efree() - heap overflow detected (attacker 'REMOTE_ADDR
> not set', file
> '/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php',
> line 654)
>
> (the file value differs, but it's always "suhosin .. canary mismatch
> - heap overflow detected")
>
> My PHP has following options set
> # cd /usr/ports/lang/php52
> # make showconfig
> ===> The following configuration options are available for php52-5.2.17_8:
>      CLI=on: Build CLI version
>      CGI=on: Build CGI version
>      APACHE=on: Build Apache module
>      DEBUG=off: Enable debug
>      SUHOSIN=on: Enable Suhosin protection system (not for jails)
>      MULTIBYTE=off: Enable zend multibyte support
>      IPV6=on: Enable ipv6 support
>      MAILHEAD=off: Enable mail header patch
>      REDIRECT=off: Enable force-cgi-redirect support (CGI only)
>      DISCARD=off: Enable discard-path support (CGI only)
>      FASTCGI=on: Enable fastcgi support (CGI only)
>      FPM=off: Enable fastcgi process manager (CGI only)
>      PATHINFO=on: Enable path-info-check support (CGI only)
>      LINKTHR=off: Link thread lib (for threaded extensions)
>
> Is that heap overflow causing the trouble? Has suhosin to do something with
> it?
> How to solve?
>

For starters, I would suggest moving away from apache and towards nginx + fastcgi php.

A friend had a small dedicated server with a vbulletin forum overloaded with addons, and apache/php were bringing the server to "high" load levels, 10-20ish.
I've moved him to nginx and the server hardly ever goes above 1 now.

Additionally, nginx is immune to Slowloris attacks, while apache is not.

Only after migrating to nginx would I investigate if the suhosin problem still exists.
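
An added example, not part of the original message and not Suhosin's own code: a small Python triage script that parses alert lines of the shape quoted above and counts them per script location, reported source and timestamp, so the alerts can be lined up against the load spikes. The regular expression, the function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Shape of the Suhosin ALERT line quoted in the message above; "line N" is
# treated as optional (assumption) so alerts without a line number still parse.
ALERT_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"suhosin\[(?P<pid>\d+)\]: ALERT - (?P<msg>.+?) "
    r"\(attacker '(?P<attacker>[^']*)', file '(?P<file>[^']*)'"
    r"(?:, line (?P<line>\d+))?\)"
)

def parse_alerts(lines):
    """Return one dict per Suhosin ALERT; unrelated lines are skipped."""
    out = []
    for raw in lines:
        m = ALERT_RE.search(raw)
        if m:
            rec = m.groupdict()
            rec["line"] = int(rec["line"]) if rec["line"] else None
            out.append(rec)
    return out

def summarize(lines):
    """Count alerts per code location, per reported source and per second."""
    alerts = parse_alerts(lines)
    return {
        "total": len(alerts),
        "pids": len({a["pid"] for a in alerts}),
        "by_location": Counter((a["file"], a["line"]) for a in alerts),
        "by_attacker": Counter(a["attacker"] for a in alerts),
        "by_second": Counter(a["ts"] for a in alerts),
    }

MSG = "ALERT - canary mismatch on efree() - heap overflow detected"
WIKI = "/home/wins/win/win/www/wiki/mediawiki-1.16.0/includes/AutoLoader.php"
# First entry is the line from the message; the rest are constructed samples.
SAMPLE = [
    f"Jun 14 09:12:20 macos kernel: Jun 14 09:12:20 macos suhosin[28824]: {MSG} "
    f"(attacker 'REMOTE_ADDR not set', file '{WIKI}', line 654)",
    f"Jun 14 09:12:20 macos suhosin[28831]: {MSG} "
    f"(attacker 'REMOTE_ADDR not set', file '/constructed/app/index.php', line 12)",
    f"Jun 14 09:12:21 macos suhosin[28831]: {MSG} "
    f"(attacker 'REMOTE_ADDR not set', file '/constructed/app/index.php', line 12)",
    "Jun 14 09:12:21 macos httpd[28840]: constructed unrelated line",
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

Feeding it the real syslog file instead of SAMPLE shows whether the alerts cluster on one script and line and whether their timestamps coincide with the periods of high load.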