Hitting Connections Per Second Limit Of RedHat EL
Jun 11, 2009
I have a powerful 8-core, 8 GB RAM web server with SCSI RAID drives running RedHat EL 4. This server handles 2,000 - 3,000 HTTP requests per second via LiteSpeed httpd without strain (over 60%+ CPU idle time during peak load, under 1% IO wait). As the traffic volume continues to increase, I've encountered a strange problem, the symptoms of which are as follows:
- About 1/4 or 1/3 of new connections are not answered by the server - they time out.
- All connections that are answered have exactly 3 seconds added to the time it takes to establish a connection with the server (can be seen as the "Connecting to ..." phase in Firefox). HTTP response times were tested by Pingdom from multiple locations all over the world.
- The problem is either "on" or "off", it is not gradual.
- Server ping is unaffected during the problem - no delay and no packet drops.
- The problem does not happen during off-peak hours of the day.
If LiteSpeed httpd settings are tweaked to keep as many connections as possible in keepalive state for as long as possible, the problem is avoided, while tens of thousands of connections are kept in keepalive state.
Possible causes that were tested and eliminated: PHP/MySQL load (problem applies to static files exactly the same), CPU / IO / RAM, network uplink, hardware firewall, DNS.
This makes me think that there is some kind of bottleneck of how many NEW connections per second the server can accept. By maxing out keepalive quantity and duration I'm reducing the number of new connections per second. This is a temporary fix that will only work up to a certain point.
After investigation, LiteSpeed staff verified that my LiteSpeed configuration was correct and, after some testing, said that nothing in LiteSpeed was responsible for this limiting factor. The LiteSpeed process uses relatively little CPU and can definitely handle more volume.
The following sysctl.conf values were increased substantially to see if that would make a difference: tcp_max_syn_backlog, tcp_max_tw_buckets, tcp_max_orphans, netdev_max_backlog, somaxconn, file-max. This didn't produce any results. Disabling syncookies didn't help either. dmesg doesn't have any notices of limits being hit or throttles being applied.
LiteSpeed staff suggest that some limit in the Linux kernel is likely being reached. The strange 3 second delay does seem like an "intelligent" DDoS protection strategy of some sort. Perhaps this is some kind of kernel-level DDoS protection?
View 9 Replies
May 15, 2008
How can I limit connections per IP in IIS6?
For example, 10 connections per IP are allowed in a minute.
View 0 Replies
May 31, 2008
on setting up some sort of firewall that only allows 10 connections from the same IP to avoid spamming, abuse on the server.
How should I do this?
View 3 Replies
Dec 14, 2008
One of my friends says that if I install an Apache module which limits the users' connections, it can help me protect against DDoS.
Because one of my users' domains is under DDoS, I think that if I limit his connections, then if somebody wants to do a DDoS and opens connections, for example up to 30, he is an attacker and gets banned.
Is this right, and how can I do it and limit one user?
View 6 Replies
Aug 25, 2007
How is this done? From what I gather, there's nothing built into Apache which can do this, which I personally think is a bit silly as it seems like a common thing. Can anyone offer any help (for Apache 2)?
View 5 Replies
Jan 27, 2008
Some connection-limiting mods can limit max connections per vhost; can any mod limit connections to the Apache server per IP?
View 3 Replies
Apr 26, 2008
Windows 2003
limit connections per IP to a port
I'm currently using routix netcom
it can limit the connections (NOT bandwidth) only, but not per IP
another firewall which limits connections per IP
View 14 Replies
Apr 13, 2007
When I SSH'd into my box, I received this message:
example.pl is on this server. HTTPD connections have been limited to restrict this script from overloading server. All servers that have hosted this file need to have extremely limited http connections or have this file removed. It is poorly written and intense on CPU/memory.
How do I go and allow example.pl to be run on my server again? I use it solely for personal sites, so I wish to not have this file blocked and be allowed to run. I've searched for almost an hour now so I figured I would go ahead and post to see if any more experienced members could assist.
View 3 Replies
Apr 12, 2007
Any good rule to limit Apache (port 80) connections from 1 IP to 15 with iptables/csf?
And total connections to the box to 100?
View 6 Replies
Jan 24, 2007
OS: Linux, on Apache 2.0
=======
Would you know and kindly tell me if there's a way to limit X number of connections per hosted site?
Because I don't want someone with a high-traffic forum unfairly stealing most connections for himself, which makes other sites suffer in performance.
View 1 Replies
Jun 22, 2007
How can I set an HTTP and MySQL connection limit on a per-domain basis?
View 2 Replies
Jan 9, 2007
I've been having trouble the past few days with someone who's been "attacking" my site so to speak by continuously downloading very large files with as many connections as (he) can open. I operate a large downloads site for computer games, this person has selected the largest files (like 400-500MB). Not sure of the real intent other than to clog up my bandwidth capacity. Also he appears to be using proxies since as soon as I ban one, another shows up seemingly from China.
Anyway, I have mod_bw and I've limited the number of connections in the downloads area to 2. While that works ok, his tool uses threads like a download manager would and he's using up 30-40 child threads for his 2 file downloads.
So 2 questions,
Is there any way to not only limit file downloads to 2, but limit the number of connections per request? Many of my visitors do use download managers and I'd like for them to continue using them but use a reasonable number of threads like 6 or 8, but not 30.
Also, is there a way to restrict access to someone using a proxy?
View 2 Replies
Oct 25, 2009
I need to do this:
(1) domain1.com limit to 10 connections per IP per 30 seconds but allow if accessing file beginning with x.php such as x.php?981 x.php?o19
(2) domain2.com limit to 10 connections per IP per 30 seconds only if accessing file beginning with x.php but allow if accessing file beginning with y.php y.php?981 y.php?o19 .....
View 8 Replies
May 5, 2009
I have a major problem: I keep on hitting high memory usage and can't find what is causing this. I have no idea at all where to look .....
View 6 Replies
May 7, 2009
I have a question regarding something.
I have a live visitor tracking software so I see visitors online in my website
Some hour ago someone from AOL United States was on my contact page website.
Then after an hour I see the same user is still on the contact page but he is going from home domain.com to domain.com/contact.php
Then after 10 seconds he goes again to the homepage, 10 seconds later he goes again to the contact page. So the counter shows 1000 pages this visitor is hitting all the same, forwards and backwards, to the homepage and back to the contact page, again and again in a loop for 10 seconds in one, 10 seconds in the other.
So I think this must be some user that left his PC on and is going crazy in a loop, has a virus or something abnormal. The IP resolves to an AOL proxy cache using Internet Explorer with low resolution ,536 something.
So I go into the server, restart Apache, and think this is going to cut or break the connection. No, user is still there looping.
So I say, enough with this, this is not normal, I block the IP. Then voila the user changes IP but same browser from AOL. I say what? Block the new IP and this little devil changes IP again. So I think this must be someone trying to corrupt my webstats or is having fun on me, since a DDoS attack would not be so stupid to use only 1 IP. I block every IP and he keeps changing. So I block the full range from 205.188.116/***
View 4 Replies
Jun 4, 2015
I have been using managed servers for all of my webhosting career. I just decided to try to do it all on my own and of course, here come the growing pains.
I went with Linode for my new hosting provider. I followed their guides to get the initial setup done, minus setting up MariaDB.
I then went ahead and installed Plesk 12. The install went off without a hitch. But, now that I try to hit my hostname:8443, I get a 404.
I have done the following in an attempt to resolve the issue:
- Restart the server
- Restart the sw-cp-server
- Remove the /etc/sw-cp-server/conf.d/agent.conf (which didn't exist)
I do have the following firewalld rules in place:
firewall-cmd --zone=public --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-port=8447/tcp --permanent
View 3 Replies
Apr 29, 2009
CentOS 5 is the same as RedHat 5, is it?
I have heard that CentOS is the same as RHEL except for logo and name changes.
If I want to learn CentOS, can I buy a RHEL 5 book?
View 11 Replies
Dec 20, 2008
I'm getting a new server with ThePlanet and moving away from a reseller account.
My choices are Redhat 5 or CentOS.
View 11 Replies
Sep 17, 2007
on installing Mono but haven't found any. Tried their installer and it doesn't work at all.
Does anyone know of a tutorial out there that will help, or can anyone provide me with step-by-step instructions for installing it on REDHAT Enterprise 4 i686?
I am using WHM but read a lot of horror stories about installing it via WHM unless that's fixed. If it was fixed, how could I do this instead of a manual install?
View 1 Replies
Mar 28, 2008
Does anyone know how to sign up for the RedHat hosting program where you have to pay monthly for the licenses as opposed to yearly?
I called their support number but that guy asked me to sign up online for the Yearly license. But I know a lot of dedicated server companies have a monthly commitment.
Can anyone recommend their sales rep to me who knows exactly what I'm talking about? You can PM me their details if you want.
View 0 Replies
Oct 31, 2008
What is the equivalent to yum in the latest Redhat releases? I just got a VPS but it doesn't come with yum.
View 6 Replies
Apr 25, 2009
Is anyone here running GFS? The responsibility of managing a small cluster of them is about to fall into my lap, and the only documentation I can find is on Wikipedia, which is troubling. I've got the man pages, but I was hoping for more of a document outlining how it works.
Why would lock_dlm2 or gfs_scand take up close to 100% CPU with minimal traffic on the machine, for example? What do those do? How can I tune it to not do that?
I'm not so much looking for specific answers here about tuning, but am more curious about where I should be looking for documentation. I find it hard to believe that there is none?
View 3 Replies
Mar 6, 2007
I have compiled exim version 4.66 from source, and now I cannot seem to make it work.
I am getting the following error when I try to send mail:
$ exim xxx@xxxx.xxx
test
2007-03-06 12:36:44 1HOeWd-0000SH-EZ Cannot open main log file "/var/log/exim/mainlog": Permission denied: euid=8 egid=12
2007-03-06 12:36:44 1HOeWd-0000SH-EZ Failed to create spool file /var/spool/exim/input//1HOeWd-0000SH-EZ-D: Permission denied
2007-03-06 12:36:44 1HOeWd-0000SH-EZ Cannot open main log file "/var/log/exim/mainlog": Permission denied: euid=8 egid=12
exim: could not open panic log - aborting: see message(s) above
When I do $ service exim restart, the service fails to stop but starts OK.
There is no control panel installed on the box.
View 5 Replies
Dec 10, 2008
Qmail on Redhat setup for mail relay? (I'm a newbie)
I'm trying to figure out how to enable mail relaying for a specific domain on a Redhat server running Qmail. Can anyone tell me where to look? I searched Google, but am now very confused.
View 0 Replies
Jul 13, 2008
For the past two weeks, our Hypertown RedHat RHEL 5.2 server has been going down every day because of a weird kernel panic problem.
Attached you can see what was displayed on the console at the time of the panic. This is what SoftLayer tech. support team was able to obtain from the console.
We are not using Samba or NFS-based applications.
Here is the server's info:
[kaware3@rannatweb ~]$ uname -a
Linux rannatweb.com 2.6.18-92.1.6.el5PAE #1 SMP Fri Jun 20 02:51:01 EDT 2008 i686 i686 i386 GNU/Linux
[kaware3@rannatweb ~]$ free
total used free shared buffers cached
Mem: 16632176 3244660 13387516 0 234480 1934632
-/+ buffers/cache: 1075548 15556628
Swap: 2096472 0 2096472
[kaware3@rannatweb ~]$ more /etc/fstab
LABEL=/1 / ext3 defaults 1 1
LABEL=/var1 /var ext3 defaults 1 2
LABEL=/boot1 /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-sda3 swap swap pri=0,defaults 0 0
/dev/sdb1 /disk1 ext3 defaults 0 0
/dev/sdc1 /disk2 ext3 defaults 0 0
/dev/sdd1 /disk3 ext3 defaults 0 0
[kaware3@rannatweb ~]$ iostat
Linux 2.6.18-92.1.6.el5PAE (rannatweb.com) 07/13/2008
avg-cpu: %user %nice %system %iowait %steal %idle
3.78 0.00 4.41 9.02 0.00 82.79
Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
sda 90.93 1784.24 1401.45 2073549 1628690
sdb 156.49 1567.09 179.30 1821188 208368
sdc 47.39 443.82 565.21 515787 656864
sdd 0.06 0.88 0.01 1019 8
View 7 Replies
Sep 18, 2007
I would like to know, for example, the setup scenarios for one, two or x fence devices.
The docs below just don't contain enough meat to get you going.
[url]
[url]
[url]
If you are aware of any good hands-on tutorials or docs then please feel free to let me know.
I don't mind if the documentation has no screenshots but the technical explanations must be sound in order to understand how to configure RHCS.
View 0 Replies
Nov 5, 2014
I need to configure multiple Apache Web Servers on a RedHat server. I have copied Apache 2.2 to the RedHat server and extracted it, but I am not able to install it because I don't understand setting the prefix. Please explain prefix configuration to me and how to set it. At the same time, I would like to know whether it is possible to set up 4 Apache Web Servers on the same machine and, if possible, how. Can we set up different versions of Apache HTTP Server?
View 17 Replies
Aug 14, 2007
This can be adapted to other operating systems; for the scope of this tutorial it will be designed for RedHat Enterprise / CentOS ....
View 0 Replies
Mar 5, 2009
I'm hosting wmv, wma, mp3 files. Streaming of video can be done with Windows hosting, but my website script is in PHP.
Do you suggest Windows Server 2008 hosting or RedHat Linux hosting?
View 6 Replies