[CentOS] Apache Issue on CentOS 6

Banyan He banyan at rootong.com
Mon Apr 8 05:07:30 UTC 2013


Yes, they do because I'm using slow access to attack my servers. To your 
environment, you can use tcpdump to capture one connection to check if 
it's the slow access attack.

If it's an attack, we focus on fixing that part. If it's the code 
problem, then, we can get back to the httpd daemon checking what it goes 
wrong.

------------
Banyan He
Blog: http://www.rootong.com
Email: banyan at rootong.com

On 4/8/2013 1:03 PM, linuxsupport wrote:
> your both el5 and el6 Apache status show lots of R -- Reading
>
>
> On Mon, Apr 8, 2013 at 10:24 AM, Banyan He <banyan at rootong.com 
> <mailto:banyan at rootong.com>> wrote:
>
>     I did a quick test on el5 and el6 with these package,
>
>     httpd-2.2.3-43.el5.centos
>     httpd-2.2.15-15.el6.centos.1.i686
>
>     I kept the configuration as what it is in default. The index page
>     is about 7k, 100 connections per second. I barely find the
>     connection is marked as R. Mostly C and _. This is done by ab from
>     httpd.
>
>     I also did a quick test with slow attack. It's basically slowing
>     the client itself to collect the data from the server. I did 200
>     connections per second. My server is ok seems. A little bit slow,
>     but not too much.
>
>     el5
>
>     RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>     RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>     RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>     RRRRRRRRCWS.....................................................
>
>     el6
>
>     RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>     RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>     RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
>     RRRCRRRRCCCCCCCRWCCCCCWCCCCCCWWCCCCCCCCCCCCCCCCCCCCCCCCCCC......
>
>
>     I also did the capture on the network traffic that I can find out
>     the connections are doing something bad. You may follow the lead
>     here as I mentioned.
>
>
>
>     ------------
>     Banyan He
>     Blog:http://www.rootong.com
>     Email:banyan at rootong.com  <mailto:banyan at rootong.com>
>
>     On 4/7/2013 12:23 AM, linuxsupport wrote:
>>     There is no problem with the hardware, If I installed CentOS 5
>>     then it works well, at a time out of total 44 concurrent requests
>>     34 were in reading state
>>
>>
>>     On Sat, Apr 6, 2013 at 2:03 PM, Banyan He <banyan at rootong.com
>>     <mailto:banyan at rootong.com>> wrote:
>>
>>         I went to the source code to check this. Seems like it's used
>>         for against the slow request attack from the rate. There is a
>>         timeout and rate set for header and body.
>>
>>         I'd keep that thought, capture one connection from tcpdump
>>         seeing if they are doing something bad. If not, you seem need
>>         a new server balancing the traffic.
>>
>>         ------------
>>         Banyan He
>>         Blog:http://www.rootong.com
>>         Email:banyan at rootong.com  <mailto:banyan at rootong.com>
>>
>>         On 4/6/2013 3:06 PM, linuxsupport wrote:
>>>         I have already checked but all requests are from different
>>>         IP's and even different subnet
>>>         When there are less requests it works ok even if there are
>>>         more than 60% reading requests but during peak time when
>>>         concurrent requests goes beyond 150, due to reading requests
>>>         it becomes 300+ requests processing at the same time and
>>>         that then Apache stop responding as maxclient is set to 300.
>>>         CPU load also goes up and thing become very slow.
>>>
>>>
>>>         On Sat, Apr 6, 2013 at 10:33 AM, Banyan He
>>>         <banyan at rootong.com <mailto:banyan at rootong.com>> wrote:
>>>
>>>             I'd recommend you to sort out the connections. Find out
>>>             if they are coming from the same client or the same
>>>             subnet of the clients. Doing a simple tcpdump capture to
>>>             analyze the data seeing if it's a good R or a bad R.
>>>
>>>             Don't really think it's because of the version.
>>>
>>>             ------------
>>>             Banyan He
>>>             Blog: http://www.rootong.com
>>>             Email: banyan at rootong.com <mailto:banyan at rootong.com>
>>>
>>>
>>>             On 4/6/2013 12:24 PM, linuxsupport wrote:
>>>
>>>                 I am facing a problem with Apache on CentOS 6
>>>
>>>                 Apache 2.2.19 is complied from source.
>>>
>>>                 I see so many reading requests in Apache status
>>>                 page, as per my previous
>>>                 experience this "reading request" issue mainly comes
>>>                 when any of the
>>>                 internet route having any problem and it request
>>>                 takes time to completely
>>>                 reach to Apache, but this time there is no network
>>>                 issue.
>>>
>>>                 I have ran same setup on CentOS 5 it works well, but
>>>                 on CentOS 6 it show
>>>                 60%+ reading requests, web site has 20-25 requests
>>>                 per second that becomes
>>>                 80+
>>>
>>>                 I also tried to upgrade Apache to 2.2.24 but it is
>>>                 same on new version as
>>>                 well.
>>>
>>>                 Anyone else has experienced this issue?
>>>                 _______________________________________________
>>>                 CentOS mailing list
>>>                 CentOS at centos.org <mailto:CentOS at centos.org>
>>>                 http://lists.centos.org/mailman/listinfo/centos
>>>
>>>
>>>
>>
>>
>
>




More information about the CentOS mailing list