I have a dedicated box with softlayer and I have noticed at varying times the past few months that with sites we host, sometimes the connection times out (I'll try to access like 5 or 6 sites within 30 seconds or so and they all drop, then a minute later they load fine).
I opened a support ticket and they said it usually has to do with the # of requests Apache can handle, and that this can be modified. They stated they could: "tweak the apache configuration file in this server that can make it possible to handle more requests."
So my question is what should the # of requests be set to? (I'm not sure what it is now, but I assume whatever the default # is).
I have Apache 2.4.2, OpenSSL/1.0.1c, on Windows Web Server 2008 R2 (64 bits)
After 12 hours of heavier load, the SSL requests stopped working/being answered. However if you requested the same page via http instead of https, it worked fine. Restarting the Apache server fixes this, for a while. Again after a few hours of traffic, the https requests stopped working again. I checked the logs, and nothing notable, the mod_ssl entries just...
The site is called only by client developed with Delphi 2007 (CodeGear user-agent). Delphi client use THTTPRIO for sending HTTPS request to SOAP.
So I just upgraded Apache 2.2.22 to Apache 2.4.3 and made sure to go through all the options that had changed and update the conf file accordingly. This included adding the cache module for SSL and changing the SSLMutex option over to Mutex default ssl-cache. We also turned off SSLCompression due to the CRIME attack vulnerability.
We use apache strictly as a loadbalancer to 2 tomcat servers via mod_jk. Apache serves no static content at this time.
After being deployed, everything worked fine until later in the day. After 3 hours of heavier load (our site only takes significant traffic during business hours), the SSL requests stopped working/being answered. However if you requested the same page via http instead of https, it worked fine.
Restarting the Apache server fixes this, for a while. Again after a few hours of traffic, the https requests stopped working again. This time I turned the loglevel up to debug and restarted the Apache server.
As traffic slowed down it took another 6 or 7 hours before SSL requests stopped working again. I checked the logs, and nothing notable, the mod_ssl entries just... stopped. (I don't know for sure its ammount of traffic related, it just seems that way)
I have tried reproducing this in a lab, but have not been able to get it to happen on the lab server.
OS: Windows Server 2008 R2 Apache: 2.4.3 vc9 build with OpenSSL 0.9.8 downloaded from apachelounge.org Mod_JK Version 1.2.37 vc9 also downloaded from apachelounge.
I've spent the last several months working on a huge upgrade of a couple dozen websites. The upgrades include modifying Apache so that visitors who arrive at links pointing to mysite/World/New_York are redirected to mysite/world/new-york. In other words, all my links now default to lower case, and underscores are replaced with dashes.
Unfortunately, publishing it has been an endless series of disasters. My websites are now all crashed, and the server is unbelievably slow. It takes pages forever to load (if they load at all), and I can scarcely publish files online.So the following notice sent to me by my webhost got my attention.
IT appears your own server IP is making GET requests to Apache, causing excessive loading and causing service failures. On today's date, your IP made almost 6,000 connections to Apache:<br><br>
I have a little problem (on my Raspberry) with the maximum concurrent connections.When I open multiple tabs of a webpage which keeps persistent connections, apache is unable to serve more requests.Here is the (shortened) mod_info output (which also takes some time till there is a process kind enough to serve the request):
Code: Server Version: Apache/2.4.10 (Raspbian) OpenSSL/1.0.1k Server MPM: prefork 5 requests currently being processed, 9 idle workers
I have an Apache Server (2.4.3) and a Tomcat Server (7.0.36) and have some Java Applications deployed.Everything works fine, but when we start a quite long Ajax process, I see in my Java Application, that a Ajax request is received and starts processing - everything fine. But during processing of the first request, I see a second request starts after 5 minutes.
I currently have a web VPS hosted with FDCServers.net and after 5 days of switching to it i am getting massive HTTP requests. When i login to WHM and hit apache status i have many requests per second by multiple IP's that are going to pages that simple don't exist. Currently my hostname for the server is set at web-01.optical-hosting.com which is what the requests are being sent to. I am also having a DNS issue because when i put http://web-01.optical-hosting.com in the web browser it displays the first account's site under "list accounts" in cpanel. Can someone please help me fix both of these issue's? i will post an apache log in a second post as it is long. Also, these are from overseas. please someone help me with this i have Aim and Msn.
I'm looking to pass the entries to a web form, via Apache, to an external process (listening on a port say 4321) running on the same host as Apache.Is there a way to "coerce" Apache into doing this?
My Linux Server's Http Daemon (Apache) would stop serving websites ever so often, as soon as apache is restarted the error fixes iteself only to resurface within few hours.
The apache process would still be running i.e. apache does not die but no websites hosted on my server would be accessible from browser. And when this happens the apache logs do not log any http requests.
Instead when this happens all http requests to my server would be redirected to some weird Trojan website and my Norton Antivirus would show an Alert/Warning, for example; "Browser exploit at www.xxx.xxx was blocked" Risk Name: MSIE WebViewFolderIcon ActiveX Control BO
or another error like; "Auto-Protect has detected Trojan.Fakeavalert".
At first i thought the problem could be with my Laptop/ISP so i logged on to the server via SSH and opened try to open a website using command line "lynx mywebsite.com" and it shows following error; "Alert!: HTTP/1.0 503 Service Unavailable".
Now if i assume my laptop were to be infected, then as soon as i restart my apache and visit mywebsite.com eveything returns to normal with no such warnings. Why do i see those norton error messages only when apache is down with 503, and when apache is down with 503 how come the http requests always get redirected to some suspicious websites and nothing gets logged in apache error log?
I think my server is being attacked causing http to get unresponsive and thereafter http requests to my server are redirected to some malicious website, is this correct?
Also, i suspect this is a php script exploit as some customers have reported that google have blocked their website due to security reasons, i found <iframe> tage inserted in some php pages which i fixed.
Also, another thinh i noticed; when apache responds with the 503 it is referencing PHP 5.1.4 in the header response:
[root@]# curl -I xxx.xxx.xxx.xxx (my server ip) HTTP/1.0 503 Service Unavailable Server: Apache X-Powered-By: PHP/5.1.4 Retry-After: 20
I am running PHP 4.3.9m why does apache responds with PHP 5.1.4 when this 503 error surfaces?
Also, since my apache was dowan with 503 error a customer mailed in today saying; "It seems that my site www.xxxx.com is regularly down, and the winlogon virus is involved."
I suspect this is again due to the fact that http requests start getting redirected?
So I've got a problem where a small percentage of incoming requests are resulting in "400 bad request" errors and I could really use some input. At first I thought they were just caused by malicious spiders, scrapers, etc. but they seem to be legitimate requests.
I'm running Apache 2.2.15 and mod_perl2.
The first thing I did was turn on mod_logio and interestingly enough, for every request where this happens the request headers are between 8000-9000 bytes, whereas with most requests it's under 1000. Hmm.
There are a lot of cookies being set, and it's happening across all browsers and operating systems, so I assumed it had to be related to bad or "corrupted" cookies somehow - but it's not.
I added "%{Cookie}i" to my LogFormat directive hoping that would provide some clues, but as it turns out half the time the 400 error is returned the client doesn't even have a cookie. Darn.
Next I fired up mod_log_forensic hoping to be able to see ALL the request headers, but as luck would have it nothing is logged when it happens. I guess Apache is returning the 400 error before the forensic module gets to do its logging?
By the way, when this happens I see this in the error log:
request failed: error reading the headers
To me this says Apache doesn't like something about the raw incoming request, rather than a problem with our rewriting, etc. Or am I misunderstanding the error?
I'm at a loss where to go from here. Is there some other way that I can easily see all the request headers? I feel like that's the only thing that will possibly provide a clue as to what's going on.
I have been trying to solve a big problem for the last 2 weeks with one of our servers.
The client using our system (web based w/ apache and php) is a contact center firm. They have about 120 operators, all connect to our websever with the same IP.
We have been suffering DoS attacks from some of these operators. This are simple, browser attacks , namely 5 or 10 operators will just hold F5 key and bombard the server with requests when they shouldnt.
We did manage to produce a php protection which will recognize the multiple requests and blacklist the user, but its "too late" because the request have already been sent and processed by the webserver.
We use the user ID in the system to control who should be blacklisted, so this is all dependent on our own authentication.
Ideally, we need something EXACTLY like mod_evasive, but for rejecting single requests instead of blocking the IP. Exemplifying : if a user calls the same url, 5 times, in a 3 second spawn, we will reject every next request for 30 seconds, but only the requests by that user.
If the webserver can make any use of it, the user id is stored in a cookie.
I'm running Apache 2.4.4 on Windows Server 2008 R2. It's already happened many times that Apache stopped responding to requests. The last entry in the error.log:
[Wed Mar 27 06:22:07.043600 2013] [mpm_winnt:notice] [pid 1736:tid 256] AH00354: Child: Starting 64 worker threads. [Wed Mar 27 06:52:34.521200 2013] [mpm_winnt:error] [pid 1736:tid 1656] AH00326: Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting
Behind a pfsense box we have a computer who act as a forward proxy with apache. At the end we have the family computer.This is the problem: i can't hide the forward proxy on internet, the forward proxy is reported "detected".
I'm trying to prevent unnecessary GET requests from being processed by my CMS that originate from mutating IP address locations. This is sucking up server resources when the request is processed by the app, and so if possible, I'd like to block them with HTACCESS so that the request is stopped before anything is intensively-processed.
What happens is that an IP address will make a GET request for, say, "blah/test" or "blah/test2" but nothing else (no site assets like images or CSS/JavaScript files or even other pages). After this request, another IP address will then make an equivalent kind of request, and so on, and so on... All of them have similar if not identical user agent strings but they're always worthless requests that do nothing but waste CPU and RAM. I'm assuming it's just some idiotic SPAM bot because of this.
I have Configured Apache2.4.4 for forward Proxy and tested from my browser the response is very slow and even not coming complete Response for some requests.
I also Tested the same for Apache2.2 Forward Proxy it is very fast and good.
May I know what is the Problem in Apache 2.4
Is there any Issues in proxy modules (mod_proxy,mod_proxy_connect.so,mod_proxy_http.so) in Apache2.4
This is the same configuration i used for Apache2.2 and Apache2.4
I'm more of an application programming guy than network/internet guy so excuse any ignorance on my part.
I am currently using shared hosting on an IIS server.
I running SMF Forums and a business on the IIS server. I have a payment system that I've programmed tied into the MySQL SMF database. This payment system uses ASP.net. I'm a .Net programmer. SMF is also being currently ran on the IIS server, and it does ok.
I'm really wanting to start running my forums on a separate Unix Server.
So my question is, can i run my ASP.net scripts on my IIS server that access the MySQL database on a separate Apache server? The Apache server and IIS server would have different domains (I'm guessing that'd be required).
I think this is possible, but wondering what others think. All I should need to do is change some connection strings on my Web.config on my IIS server to point to the new SQL databases.
we plan to buy one server for apashe and one for mysql.
So first server will handle apache + cpanel + exim Dual Processor Dual Core Xeon 5140 - 2.33GHz (Woodcrest) - 2 x 4MB cache 8 GB FB-DIMM 3 x 73GB 15k RPM SA-SCSI Linux RHE 4 ES
second will handle only mysql Dual Processor Quad Core Xeon 5345 - 2.33GHz (Clovertown) - 2 x 8MB cache 8 GB FB-DIMM 3 x 73GB 15k RPM SA-SCSI Linux RHE 4 ES
Server will be used for forums about 4000, 5000 Simultaneous users.
here's my current setup has my stuff running on 2 separate "self contained" servers (eg; each runs their own apache/php/mysql):
Main site/server: content: mostly static content (no mysql, very little php). currently has about 4tb/m traffic. in the summer it could push up to 6tb/m hardware: P4 2.8ghz. 1gb ram. this server has no problem handling the load. only problem is bandwidth (i have to get it off the current host)
Forums site/server: content: running vBulletin. currently 400-500 peak (probably jump to 800 peak this summer) users active per 15 mins. hardware: 64bit dual Opteron 242. 4gb ram. it's absolutely griding that to a halt at peak times. it acts like 4gb memery isn't enough (it will run fine then eat through most of the 4gb. grind to a halt, then recover) personally i think it was setup/configured wrong but i've had multiple people look at it and nobody can find anything wrong in the apache/mysql settings.
What I want to know: what type of server setup should I start migrating to? should I keep both parts of the site separate? eg; main site on one server, forums on another server(s)?
what i've sorta been looking into is 3-server setup. (server1) main apache/php server. probably on unmetered (honestly don't think i'll find anything else that offers high enough traffic). run the main site and the vB php from here (server2) dedicated mysql 'read only' server (server3) dedicated mysql 'write only' server.
and have mysql read/write synced and have all 3 servers networked directly together. i have a friend running a single mysql driven site using this setup and it works really well for him.
is this overkill for me? should the current dual Opteron be able to handle the forums and i just need to hire someone smarter, or is there some other setup that would work better for me? i'm tight so i want to go cheap as possible, but I also realize i need room for summer traffic expansion that always hits us.
I am using apache 2.2 webserver and tomcat 6 as app server.
I have two unix boxes (let say A and B) where apache is installed for load balancing purpose.
The issue is now and then I see that on both the server reaches to 250 busy servers which makes my site very slow and after some time the site is unaccessible.
When I see this I restart apache on both unix boxes and also restart my app server.
But that does not work. As soon as I start apache the httpd process ramps up to 12 (ps -ef | grep httpd) within a minute and the busy servers still remains at 250.
The only I have to do is wait and watch till the busy servers goes down to 250 and then site is back to normal.
Some times it takes hours for busy servers to go down below 250.
I dont understand that why even restarting apache and tomcat doesn't work. why the busy servers are still at 250. even after I restart.
x1 gateway.domain.com:443 (Using as a proxy to web1 and web2) x1 web1.domain.com:443 x1 web2.domain.com:443
I was able to have gateway.domain.com play nicely with a wildcard certificate and handshake perfectly with web1 and web2. Now currently, web1 and web2 have their own SSL certificates while gateway has a wildcard cert for *.domain.com. Is it necessary to have certs on all 3 servers or just have the single wildcard cert on gateway.domain.com?
I currently have one server a Dual Xeon 5130 2GHZ (woodcrest) 2GB Ram. Running cPanel/WHM
Now I run a website that is VERY PHP & MySQL Intensive and MySQL is ALWAYS the top of the process list, hogging a ton of usage. It's getting to the point where the site is needed a second server and I know there's a few options; but I'm not sure which one would be the best.
They way I see it my two options are getting a 2nd server and setting up the two to do load balancing, or getting a 2nd server and setting one up for just Apache and the Other for MySQL and using the 2nd as a remote SQL server.
If I do the Apache on a seperate server would I need such a powerful server? And if I also would want to upgrade this server along with getting a 2nd server would I be better of upgrading to 4GB of RAM or upgrading the processors?
I need to configure multiple Apache Web Servers on redhat server. I have copied and extracted Apache 2.2 into redhat server and extracted but not able to install because I don't understand setting prefix. Please let me explain about prefix configuration and how to set it. At the same time I would like to know is it possible to setup 4 Apache Web Servers on same machine if possible then how to. Can we set up different versions of Apache HTTP Servers?
I set up a cron to run every minute & I'm running a PHP script by way of cron like
wget http://example.com/some_script.php
Now does each request of Cron is a seperate HTTP Request or what? Say my script takes more than 1 minute to execute completely but before its completed, its called again. So, will that effect the PHP script running because of previous HTTP Request or will it create a new HTTP Request & let the previous request finish its operation? Technically, it shouldn't block/affect the previous request, but I'm not sure!!
my server is still effed up from the MPack attack that I received.
I just received the following email, does anyone know what this means or how it could be done? The client IP is mine, so some how my server is sending that request?
I was able to successfully delete all the files, but how do I now get rid of the directories themselves? When I do: rm -fr "/arcade/images/. /" and then locate ". " I still get:
