homepage Welcome to WebmasterWorld Guest from 54.161.133.166
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
Protection against high server load levels? ssh priorities?
eaden




msg:911461
 2:25 pm on Jan 19, 2003 (gmt 0)

Hi there,
I am wondering what is the best way to prevent a server from being overloaded to such a stage that you can't log in. The only idea I could come up with is a cron job that checks the load level and stops say apache. But in the case of a slashdotting this wouldn't be quick enough!

 

Brett_Tabke




msg:911462
 2:32 pm on Jan 19, 2003 (gmt 0)

DOS and SynFlood attack prevention is best and easiest done at the router level by your webhost.

eaden




msg:911463
 2:39 pm on Jan 19, 2003 (gmt 0)

sorry, I should have been more specific. I mean overloaded by genuine requests, i.e. say if google or slashdot, or cnn just randomly decided to link to you off their front page. ( extreme example ). And I'm talking about Apache running on Linux

The aim being the webserver doesn't get so busy that I can't log in using ssh and kill apache before it brings the whole system down

Knowles




msg:911464
 6:51 pm on Jan 20, 2003 (gmt 0)

I think bretts aproach would fix what your refering too. The only other solution you could come with would be your idea of a cron job, if your are extreamly concerned this is going to happen have the cron job check the load every few min this though can also increase the load on the computer but shouldnt be enough to bring it down. Have it restart apache to reset the load and you should come out ok and be able to log in and watch it. The likely hood of this happening is probably slim unless you are running a massive site, if this is the case your gonna be better off having mirrored servers and a router splitting the traffic to those. Or less I dont understand either.

seindal




msg:911465
 7:04 pm on Jan 21, 2003 (gmt 0)

Just tell apache not to start to many concurrent processes:

From the Apache documention:
The MaxClients directive sets the limit on the number of simultaneous requests that can be supported; not more than this number of child server processes will be created.

René.

cminblues




msg:911466
 8:28 am on Jan 26, 2003 (gmt 0)

I think your idea of a cron job is a good one, if you want different conf. of apache running based on server load.

I.ex:


#! /usr/bin/perl
$alertvalue = 400;
#let's find a 'load' value of the 'waiting' HTTP:80 requests.
$numwait = `netstat -an ¦ grep -c ':80.*TIME_WAIT'`;
if($numwait > $alertvalue) {
# do something with your httpd.conf
# [ i.ex. change MaxClients & ThreadsPerChild values, if you're on a Apache 2]
# gracefully restart the server
system "kill -USR1 `cat /var/run/httpd.pid`";
}
exit 0;

And, as Brett pointed out, if you're often under SYN-ddos attack, an:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
may help.

P.S. [this board changes some ASCII chars..
so be careful in typing 'your' pipe (-> '¦' here) char.]

cminblues

eaden




msg:911467
 9:49 am on Jan 26, 2003 (gmt 0)

>> Just tell apache not to start to many concurrent processes:
>> From the Apache documention:
>> The MaxClients directive sets the limit on the number of
>> simultaneous requests that can be supported; not more than
>> this number of child server processes will be created.
>>
>> René.

Thanks, this is what I was looking for. It seems to work well.
I had never needed to use it though becasue i didn't have such a popular site.

re the perl script, nice :) i'll give ti a go

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved