From owner-freebsd-questions Fri Oct 18 3:39:24 2002
Date: Fri, 18 Oct 2002 12:40:17 +0200 (CEST)
From: Martin Blapp
Subject: Apache DOS, help needed
Message-ID: <20021018123333.P90671-100000@levais.imp.ch>
Sender: owner-freebsd-questions@FreeBSD.ORG

Hi,

I'm using apache 1.27 with recent modssl. I'm not vulnerable to this bug. But from time to time I see large scans, which have the symptoms of this worm. All my FreeBSD children get used and are waiting in a queue, and the server gets unresponsive for 5-6 mins.

I set the limits correctly:

RLimitNPROC 25
RLimitMEM 40000000
RLimitCPU 5

But in this case, RLimitNPROC seems not to work :P

I also tried mod_throttle, but it also does not help in this case, because all connections are made at the same time and they time out 180 seconds later.

[Fri Oct 18 05:51:43 2002] [error] [client 202.131.107.1] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Fri Oct 18 05:51:43 2002] [error] [client 202.131.107.1] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Fri Oct 18 05:51:43 2002] [error] [client 202.131.107.1] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
Min/MaxSpareServers), spawning 32 children, there are 0 idle, and 502 total children
[Fri Oct 18 05:51:48 2002] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out
[Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out
[Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out
[Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out
[Fri Oct 18 05:54:29 2002] [info] [client 202.131.107.1] read request line timed out

And so on. Does someone have a quick fix for this or an idea?

Martin Blapp,
------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH
Phone: +41 061 826 93 00: +41 61 826 93 01
PGP:
PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E
------------------------------------------------------------------
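
Added example, not part of the original message: a small detector for the pattern in the log excerpt above, where one client produces bursts of "request without hostname" and "read request line timed out" entries while the server reports that it reached MaxClients. The function names, the 10-second window, the threshold of 3 and the sample lines (documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 1.3 error_log layout as quoted in the message:
#   [Fri Oct 18 05:54:26 2002] [info] [client a.b.c.d] text
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
                     r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
# Messages that indicate a connection was opened but never completed a request.
STALL_MARKERS = ("read request line timed out", "request without hostname")

def parse(line):
    """Return (timestamp, level, client or None, message), or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # e.g. a truncated continuation line
    return datetime.strptime(m["ts"], TS_FORMAT), m["level"], m["client"], m["msg"]

def flag_clients(lines, window=timedelta(seconds=10), threshold=3):
    """Map each client to its peak stall-event count in any window, if >= threshold."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[2] and any(k in rec[3] for k in STALL_MARKERS):
            events[rec[2]].append(rec[0])
    flagged = {}
    for client, stamps in events.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):       # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[client] = peak
    return flagged

def maxclients_hits(lines):
    """Count how often the server reported child-pool exhaustion."""
    return sum(1 for line in lines if "server reached MaxClients setting" in line)

# Constructed sample input modelled on the excerpt above.
NOHOST = "client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /"
SAMPLE = [f"[Fri Oct 18 05:51:43 2002] [error] [client 192.0.2.10] {NOHOST}"] * 3 + [
    "Min/MaxSpareServers), spawning 32 children, there are 0 idle",
    "[Fri Oct 18 05:51:48 2002] [error] server reached MaxClients setting, consider raising the MaxClients setting",
    "[Fri Oct 18 05:54:26 2002] [info] [client 192.0.2.10] read request line timed out",
    "[Fri Oct 18 05:54:29 2002] [info] [client 192.0.2.10] read request line timed out",
    "[Fri Oct 18 05:55:02 2002] [info] [client 198.51.100.7] read request line timed out",
]
```

Feed it the lines of the server's error_log; the window and threshold are starting values to tune against normal traffic.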