[CentOS] Apache Issue on CentOS 6

linuxsupport lin.support at gmail.com
Mon Apr 8 05:44:03 UTC 2013 

I was not able to reproduce it while sending so many requests from ab or
any other tool, it only appears when requests come from browser, I had
posted this question to Apache users as well and someone told that it is
due to Chrome uses preconnection, though this feature was available on
Chrome since version 7, till kernel version 2.6.31.14 these preconnection
requests were not coming to Apache status page but from 2.6.32 they started
appearing on Apache status.

Following thread also talks about preconnection
https://code.google.com/p/chromium/issues/detail?id=85229



On Mon, Apr 8, 2013 at 10:37 AM, Banyan He <banyan at rootong.com> wrote:

>  Yes, they do because I'm using slow access to attack my servers. To your
> environment, you can use tcpdump to capture one connection to check if it's
> the slow access attack.
>
> If it's an attack, we focus on fixing that part. If it's the code problem,
> then, we can get back to the httpd daemon checking what it goes wrong.
>
> ------------
> Banyan He
> Blog: http://www.rootong.com
> Email: banyan at rootong.com
>
> On 4/8/2013 1:03 PM, linuxsupport wrote:
>
> your both el5 and el6 Apache status show lots of R -- Reading
>
>
> On Mon, Apr 8, 2013 at 10:24 AM, Banyan He <banyan at rootong.com> wrote:
>
>>  I did a quick test on el5 and el6 with these package,
>>
>> httpd-2.2.3-43.el5.centos
>> httpd-2.2.15-15.el6.centos.1.i686
>>
>> I kept the configuration as what it is in default. The index page is
>> about 7k, 100 connections per second. I barely find the connection is
>> marked as R. Mostly C and _. This is done by ab from httpd.
>>
>> I also did a quick test with slow attack. It's basically slowing the
>> client itself to collect the data from the server. I did 200 connections
>> per second. My server is ok seems. A little bit slow, but not too much.
>>
>> el5
>>
>> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>> RRRRRRRRCWS.....................................................
>>
>> el6
>>
>> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>> RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>> RRRCRRRRCCCCCCCRWCCCCCWCCCCCCWWCCCCCCCCCCCCCCCCCCCCCCCCCCC......
>>
>>
>> I also did the capture on the network traffic that I can find out the
>> connections are doing something bad. You may follow the lead here as I
>> mentioned.
>>
>>
>>
>> ------------
>> Banyan He
>> Blog: http://www.rootong.com
>> Email: banyan at rootong.com
>>
>>   On 4/7/2013 12:23 AM, linuxsupport wrote:
>>
>> There is no problem with the hardware, If I installed CentOS 5 then it
>> works well, at a time out of total 44 concurrent requests 34 were in
>> reading state
>>
>>
>>  On Sat, Apr 6, 2013 at 2:03 PM, Banyan He <banyan at rootong.com> wrote:
>>
>>>  I went to the source code to check this. Seems like it's used for
>>> against the slow request attack from the rate. There is a timeout and rate
>>> set for header and body.
>>>
>>> I'd keep that thought, capture one connection from tcpdump seeing if
>>> they are doing something bad. If not, you seem need a new server balancing
>>> the traffic.
>>>
>>> ------------
>>> Banyan He
>>> Blog: http://www.rootong.com
>>> Email: banyan at rootong.com
>>>
>>>   On 4/6/2013 3:06 PM, linuxsupport wrote:
>>>
>>>  I have already checked but all requests are from different IP's and
>>> even different subnet
>>>  When there are less requests it works ok even if there are more than
>>> 60% reading requests but during peak time when concurrent requests goes
>>> beyond 150, due to reading requests it becomes 300+ requests processing at
>>> the same time and that then Apache stop responding as maxclient is set to
>>> 300. CPU load also goes up and thing become very slow.
>>>
>>>
>>> On Sat, Apr 6, 2013 at 10:33 AM, Banyan He <banyan at rootong.com> wrote:
>>>
>>>> I'd recommend you to sort out the connections. Find out if they are
>>>> coming from the same client or the same subnet of the clients. Doing a
>>>> simple tcpdump capture to analyze the data seeing if it's a good R or a bad
>>>> R.
>>>>
>>>> Don't really think it's because of the version.
>>>>
>>>> ------------
>>>> Banyan He
>>>> Blog: http://www.rootong.com
>>>> Email: banyan at rootong.com
>>>>
>>>>
>>>> On 4/6/2013 12:24 PM, linuxsupport wrote:
>>>>
>>>>>  I am facing a problem with Apache on CentOS 6
>>>>>
>>>>> Apache 2.2.19 is complied from source.
>>>>>
>>>>> I see so many reading requests in Apache status page, as per my
>>>>> previous
>>>>> experience this "reading request" issue mainly comes when any of the
>>>>> internet route having any problem and it request takes time to
>>>>> completely
>>>>> reach to Apache, but this time there is no network issue.
>>>>>
>>>>> I have ran same setup on CentOS 5 it works well, but on CentOS 6 it
>>>>> show
>>>>> 60%+ reading requests, web site has 20-25 requests per second that
>>>>> becomes
>>>>> 80+
>>>>>
>>>>> I also tried to upgrade Apache to 2.2.24 but it is same on new version
>>>>> as
>>>>> well.
>>>>>
>>>>> Anyone else has experienced this issue?
>>>>>  _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>>
>
>

More information about the CentOS mailing list