See other Miscellaneous Articles
Title: Today's Outage
Source:
[None]
URL Source: [None]
Published: Dec 25, 2009
Author: Neil
Post Date: 2009-12-25 21:25:57 by Pinguinite
Keywords: None
Views: 266
Comments: 25
Today the server went down after hundreds of requests came in for various pages within about 38 seconds. The offending IP address is already known on the net as a "comment spammer" though it cannot actually post here. Apache (the web serving program) already has settings to limit the number of requests it will try to service at one time, and today I've reduced that from 150 to 50. I'm not sure exactly what the optimal setting should be, but if it's too low I'll see warnings about the limit being hit. 150 apparently is never hit. If it is too low then the worst case scenario is a bit slower response time during peak activity. In time I should find the optimal setting. Good chance though that no one will notice anything different, except perhaps fewer occurances of outages. It's more ideal to set a limit on the number of requests from a single IP address that Apache would handle but I don't know yet if Apache has that ability.
Post Comment Private Reply Ignore Thread
Top • Page Up • Full Thread • Page Down • Bottom/Latest
#1. To: Pinguinite (#0)
Thanks for the explanation of the glitch this afternoon. Any idea what went wrong with 4Oline?
good!
4umOffline? No idea. I don't host that.
"An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't. ~ Anatole France
Astute? Hardly. I just try and report what goes on here.
Roger.
"An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't. ~ Anatole France
It could just be me. #2. To: Pinguinite (#0) Good chance though that no one will notice anything different, except perhaps fewer occurances of outages. good! christine posted on 2009-12-25 22:03:17 ET Reply Trace Private Reply #3. To: Lod (#1) Any idea what went wrong with 4Oline? 4umOffline? No idea. I don't host that. Pinguinite posted on 2009-12-25 22:04:16 ET Reply Trace Private Reply #4. To: christine (#2) (Edited) "An education isn't how much you have committed to memory, or even how much you know. It's being able to differentiate between what you know and what you don't. ~ Anatole France Original_Intent posted on 2009-12-25 22:08:25 ET Reply Trace Private Reply #5. To: Original_Intent (#4) Astute? Hardly. I just try and report what goes on here. Lod posted on 2009-12-25 22:12:53 ET Reply Trace Private Reply Edit
Why not?
Because the spam engine doesn't have an account here to post. To get one it needs to register, and that's what the "captchga" thing is for when you register. Prevents bots from signing up for accounts. (It used to be a problem before that was installed).
Roger that.
You could block it completely, Neil. You're running 2.2.8? BTW, links don't work as I just copied the relative URLs: If you wish to restrict access to portions of your site based on the host address of your visitors, this is most easily done using The The usage of these directives is: where address is an IP address (or a partial IP address) or a fully qualified domain name (or a partial domain name); you may provide multiple addresses or domain names, if desired. For example, if you have someone spamming your message board, and you want to keep them out, you could do the following: Visitors coming from that address will not be able to see the content covered by this directive. If, instead, you have a machine name, rather than an IP address, you can use that. Deny from host.example.com And, if you'd like to block access from an entire domain, you can specify just part of an address or domain name: Deny from phishers.example.com moreidiots.example Using Listing just the Great! Just what I would have advised. Big ;-) Whatever makes it work - thanks much.
Yes, I could. I'm familiar with the directives you posted, but I want a solution that works for what must be many hundreds or thousands of such spiders out there. If I block each IP I discover is a problem, that's fine except that it's an after-the-fact patch. That is, after the server crashes, I block one IP address. Doing that hundreds of times after hundreds of crashes is not what I want. I want a solution that will prevent future spiders from doing what this one did. And of course if an evil spider gets a new IP, then that one is free and clear to strike again. Ideally, there'd be something in Apache that limits the number of requests a certain IP address can make within a short span of time. If you know of something like that, I'd really appreciate a lead. Thanks.
Ah. I misunderstood the issue. Is this on the right track?: dominia.org/djao/limitipconn2.html Example conf here: Now THAT'S what I'm looking for. I'll check it out. Thanks!
Ideally, just trace back to the offender and then let's just go there and get it overwith...IMO
Awesome! Let me know if it's useful.
I can't seem to get it to work. The module loads fine, apache doesn't complain about the new settings so I know the module is in, but it's not denying accesses above the limit I prescribe. I'm not seeing any clues as to why. It acts like nothing is different.
Do you have the directives in the virtual directory or is it in the global conf? Dumb question, but ExtendedStatus is on, yes? Another hack: Setting them system wide generated an error on Apache reload. Doing them inside Directory tags does not. Then there's no error on an apache reload but it also has no effect. (I'm testing with the download of a large file with the limit set to 1 and I have it downloading twice simultaneously). Yes. I'll check it out.
Frustrating. One would think that this would be a common enough problem that Apache would have addressed it. I'll keep digging around.
Seems the lastest version is only suited for apache 1.3. I might be able to do my own home brew that works at the firewall level monitoring requests and modifying the firewall temporarily in the event of a flood of requests. Maybe it'll come to that.
Yes, it would seem. But Apache does a lot of things I don't know anything about, so maybe there's a way. Thanks!
Another:
#2. To: Pinguinite (#0)
Good chance though that no one will notice anything different, except perhaps fewer occurances of outages.
#3. To: Lod (#1)
Any idea what went wrong with 4Oline?
#4. To: christine (#2)
(Edited)
#5. To: Original_Intent (#4)
#6. To: Lod (#5)
#7. To: Pinguinite (#3)
To me, this is illogical -
#8. To: Pinguinite (#0)
The offending IP address is already known on the net as a "comment spammer" though it cannot actually post here.
#9. To: Itistoolate (#8)
#10. To: Pinguinite (#9)
#11. To: Pinguinite (#0)
(Edited)
It's more ideal to set a limit on the number of requests from a single IP address that Apache would handle but I don't know yet if Apache has that ability.
mod_authz_host. Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document. The Order directive goes hand-in-hand with these two, and tells Apache in which order to apply the filters. Allow from address Deny from 10.252.46.165 Deny from 192.168.205
Deny from ke Order will let you be sure that you are actually restricting things to the group that you want to let in, by combining a Deny and an Allow directive: Order deny,allow
Deny from all
Allow from dev.example.com Allow directive would not do what you want, because it will let folks from that host in, in addition to letting everyone in. What you want is to let only those folks in.
#12. To: bluegrass (#11)
#13. To: bluegrass (#11)
You could block it completely, Neil.
#14. To: Pinguinite (#13)
#15. To: bluegrass (#14)
#16. To: Pinguinite (#13)
"If you love wealth more than liberty, the tranquility of servitude better than the animating contest of freedom, depart from us in peace. We ask not your counsel nor your arms. Crouch down and lick the hand that feeds you. May your chains rest lightly upon you and may posterity forget that you were our countrymen.”—Samuel Adams 
#17. To: Rotara (#16)
(Edited)
Ideally, just trace back to the offender and then let's just go there and get it overwith...IMO
as in caddy shack II to their house at night with baseball bats?
The best gun to have, is the gun you have, when you need a gun.
#18. To: Pinguinite (#15)
#19. To: bluegrass (#18)
#20. To: Pinguinite (#19)
#21. To: bluegrass (#20)
Do you have the directives in the virtual directory or is it in the global conf?
Dumb question, but ExtendedStatus is on, yes?
Another hack:
#22. To: Pinguinite (#21)
#23. To: bluegrass (#20)
www.cohprog.com/mod_bandwidth.html
#24. To: bluegrass (#22)
Frustrating. One would think that this would be a common enough problem that Apache would have addressed it.
I'll keep digging around.
#25. To: Pinguinite (#21)
Top • Page Up • Full Thread • Page Down • Bottom/Latest