From owner-freebsd-hackers@FreeBSD.ORG Tue Jul 18 18:39:25 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 207EA16A4DD for ; Tue, 18 Jul 2006 18:39:25 +0000 (UTC) (envelope-from john@essenz.com) Received: from beck.quonix.net (beck.quonix.net [146.145.66.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1020E43D6E for ; Tue, 18 Jul 2006 18:39:23 +0000 (GMT) (envelope-from john@essenz.com) Received: from beck.quonix.net (localhost [127.0.0.1]) by beck.quonix.net (8.13.7/8.13.7) with ESMTP id k6IIdNYH068122 for ; Tue, 18 Jul 2006 14:39:23 -0400 (EDT) Received: from localhost (essenz@localhost) by beck.quonix.net (8.13.7/8.13.7/Submit) with ESMTP id k6IIdNW5068119 for ; Tue, 18 Jul 2006 14:39:23 -0400 (EDT) X-Authentication-Warning: beck.quonix.net: essenz owned process doing -bs Date: Tue, 18 Jul 2006 14:39:23 -0400 (EDT) From: John Von Essen X-X-Sender: essenz@beck.quonix.net To: freebsd-hackers@freebsd.org In-Reply-To: <44BD2783.1000609@FreeBSD.org> Message-ID: <20060718143105.B64880@beck.quonix.net> References: <20060718140354.V64880@beck.quonix.net> <44BD2783.1000609@FreeBSD.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Spamassassin-Score: -1.442/6 ALL_TRUSTED,SPF_HELO_PASS,SPF_PASS X-Mimedefang: beck.quonix.net X-Scanned-By: MIMEDefang 2.57 on 146.145.66.90 Subject: Re: odd behavior in apache 2.0.58 today X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2006 18:39:25 -0000 Doug, Did some googling and I did find a connection between excessive CLOSED_WAITS, and hanging apache, and webbots. Some of the IP's I saw in my netstat were bots too. The problem has something to do with the bot no longer accepting data, but apache will continue to send it back since the bot didn't close the connection. Because my MaxClients was set to 150, my server got so bogged down, that it actually crashed and I had to power cycle. I moved that down to 75, which is still more than enough for me, so if it happens again, my system should remain up in order to restart apache. Any ideas if I can tweak apache to prevent this from happening? Maybe turn-off keepalive? I have to allow bots, maybe some are worse then others. -John On Tue, 18 Jul 2006, Doug Barton wrote: > John Von Essen wrote: >> Had a little crash today, that appears to be apache related, but is >> confusing nonetheless. >> >> My server hosts a fair amount of websites, but nothing crazy. Uptime is >> usually only 0.5. Anyway, it got real slow, when I finally logged in, >> uptime was 152, ps -aux showed alot of apache pids, over a 100 (its >> usually 10 or so), and a netstat -an showed alot of connections to port >> 80. The odd thing though was all the connections were CLOSED_WAIT >> >> Machine is running 6-STABLE, and has 1Gb of memory, with a HT P4 3.2 >> GHz. And the HT has been turned on, even though its disabled by default. >> >> Any ideas as to what is going on? Is there maybe an issue with apache >> that triggered something, or maybe it was just a random DoS attack. > > Back when I was doing hosting I saw that same behavior with Apache 1.x when > a very aggressive spider went after sites on our systems. Restarting Apache > was usually all it took to set things right again. > > hth, > > Doug > > -- > > This .signature sanitized for your protection > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >