Date: Tue, 18 Jul 2006 14:39:23 -0400 (EDT) From: John Von Essen <john@essenz.com> To: freebsd-hackers@freebsd.org Subject: Re: odd behavior in apache 2.0.58 today Message-ID: <20060718143105.B64880@beck.quonix.net> In-Reply-To: <44BD2783.1000609@FreeBSD.org> References: <20060718140354.V64880@beck.quonix.net> <44BD2783.1000609@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug, Did some googling and I did find a connection between excessive CLOSED_WAITS, and hanging apache, and webbots. Some of the IP's I saw in my netstat were bots too. The problem has something to do with the bot no longer accepting data, but apache will continue to send it back since the bot didn't close the connection. Because my MaxClients was set to 150, my server got so bogged down, that it actually crashed and I had to power cycle. I moved that down to 75, which is still more than enough for me, so if it happens again, my system should remain up in order to restart apache. Any ideas if I can tweak apache to prevent this from happening? Maybe turn-off keepalive? I have to allow bots, maybe some are worse then others. -John On Tue, 18 Jul 2006, Doug Barton wrote: > John Von Essen wrote: >> Had a little crash today, that appears to be apache related, but is >> confusing nonetheless. >> >> My server hosts a fair amount of websites, but nothing crazy. Uptime is >> usually only 0.5. Anyway, it got real slow, when I finally logged in, >> uptime was 152, ps -aux showed alot of apache pids, over a 100 (its >> usually 10 or so), and a netstat -an showed alot of connections to port >> 80. The odd thing though was all the connections were CLOSED_WAIT >> >> Machine is running 6-STABLE, and has 1Gb of memory, with a HT P4 3.2 >> GHz. And the HT has been turned on, even though its disabled by default. >> >> Any ideas as to what is going on? Is there maybe an issue with apache >> that triggered something, or maybe it was just a random DoS attack. > > Back when I was doing hosting I saw that same behavior with Apache 1.x when > a very aggressive spider went after sites on our systems. Restarting Apache > was usually all it took to set things right again. > > hth, > > Doug > > -- > > This .signature sanitized for your protection > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060718143105.B64880>