[clug-talk] Apache Workshop
khangyi at shaw.ca
Fri Apr 8 07:00:47 PDT 2005
On April 8, 2005 01:12, Travis Rousseau wrote:
> On Apr 8, 2005 12:23 AM, Shawn <sgrover at open2space.com> wrote:
> > On Friday 08 April 2005 00:07, Travis Rousseau wrote:
> > > I have found most web hosting companies that have between
> > > 1,000-50,000+ sites use apache 1.3.33 due to the fact it has less bugs
> > > (others look at it as more bugs have been fixed) and then I find
> > > almost everyone else using apache 2.0.52 especially in house servers
> > > because of the amount of people using fedora core and it coming as the
> > > version in the end I find more websites to use apache 1.3.33 (when 500
> > > websites are on one server equals to quite a bit more sites) but it
> > > seems as more servers use 2.0.52 from my views.
> > >
> > > Travis R.
> > I don't claim to be an expert on the topic, I just determine what I need
> > to get the job done, so to speak... So take the following with a grain
> > of salt.
> > I think the biggest difference between the two is threads support.
> > Version 1.x spawns new processes for each request, while Version 2.x can
> > be set up to do the same, or use multithreading.
> With recent attacks on our server I'm wondering about this, Is it
> better to multithread or spawn a new process when we get the attacks.
> The current situation:
> Normally apache gets about 50 requests a second while it does just
> under 4mbps server load of 0.30ish.
> When under attack it does it gets all requests used up (550) and
> around 80mbps with a server load of 20.00 ish
> Now this is how I see it, correct me if I'm wrong:
> Now our server is limited to 100Mbps so would it be better to go
> through the effort to get apache 2.0.52 to work on our server and use
> multithreading to use less cpu and more bandwidth or keep as is to use
> lots of cpu and not as much as it could be bandwidth?
> (Our server is a dual Xeon 2.6Ghz with HT on)
> If anyone understands what I think I just said, what do you think?
First, Apache pre-spawns, so the performance effects of spawning would be
minimal. The option of running threaded, while a good one, does not hold all
that great advantages IMHO. Looking at how you describe the attack, I will
assume the attackers are sending frequent requests to the server, overloading
it. If this is not the case, then a dos/racing condition could exist in your
server, and they could be exploiting that. In the latter situation you should
go for a bugfix/workaround from a distributor or the apache team. In the
first case, you need to have a long and hard look at the access logfiles, and
see if there is a pattern to the attack: does the same request come in from
the same IP repeatedly, does one IP send multiple but similar requests over a
short period of time, are the attackers (I will assume many) using a
particular browser id, os version, or indeed url. If you find any
statistically significant correlation, lock onto that, and block it. Simplest
would be with an apache config directive to redirect to a page with one space
in it when you think the visit is by the attack script. More elaborate would
be a small php script, hell do it in perl or c or whatever, and let the
script analyze the request, and redirect/serve a blank page or your normal
Given the amount of information, I can not be more specific in answering the
> > Any performance penalties/gains won't be
> > noticed unless you are handling very high volume servers. A number of
> > Apache applications are out there (like PHP), that may or may not work
> > well with the newer threading model. But, the newer threading model
> > results in better performance and scalability (?).
> Hmm if php and a few others don't work the above is not doable, still
> what do some of you think about the above situation i posted?
> > My thoughts...
> > Shawn
> > ps. I like discussions like this - I get to dump what knowledge I have,
> > and get corrected by others more in the know when needed :). Somehow I
> > learn more from this than reading a book.. LOL
> Man I have almost $2000 in Linux and OSS books and I could have just
> spent $1290 on windows :-P lol. I have learned way more through clug
> than I have the books.
> Travis R.
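The access-log review suggested in the reply above, as an added example that is not part of the original post: it looks for one IP sending many requests in a short period and for a user agent or URL path that carries most of the traffic. It assumes Apache's "combined" log format; the sample lines, addresses, agent strings and thresholds are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')

def parse(lines):
    """Yield (ip, time, path, agent) per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            # Drop the query string so "similar" requests group under one path.
            yield m["ip"], ts, m["url"].split("?")[0], m["agent"]

def burst_ips(records, window_s=10, threshold=5):
    """IPs that sent >= threshold requests inside any window_s-second span."""
    by_ip = defaultdict(list)
    for ip, ts, _, _ in records:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        lo = best = 0
        for hi, t in enumerate(times):  # sliding window over sorted timestamps
            while (t - times[lo]).total_seconds() > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

def dominant(records, field, share=0.5):
    """Values of one field (2 = path, 3 = agent) carrying more than `share` of requests."""
    counts = Counter(r[field] for r in records)
    return {v: n for v, n in counts.items() if n / len(records) > share}

# Constructed sample log (documentation address ranges, made-up agents and paths).
SAMPLE = [
    f'203.0.113.7 - - [08/Apr/2005:06:00:{s:02d} -0700] "GET /index.php?id={s} HTTP/1.0" 200 512 "-" "ExampleBot/0.1"'
    for s in range(8)
] + [
    '198.51.100.20 - - [08/Apr/2005:06:00:03 -0700] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux)"',
    '198.51.100.21 - - [08/Apr/2005:06:01:10 -0700] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows)"',
    'garbage line that does not parse',
]
RECORDS = list(parse(SAMPLE))
```

A value that `dominant` returns for the agent or path is only a candidate for a block rule; check it against normal-traffic logs first so legitimate visitors sharing that browser or page are not cut off.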