Hi all --

In short: if I set ListenBacklog to a smaller number will the overloaded server send 503 responses, and tend to make bad bots go away more quickly?

Occasionally, one of the sites I work with gets flooded with requests from ill-behaved bots. Worse, some of them are either trying to spam comments, or break in -- these are expensive (time consuming) operations in our application. Once one of these bots is onto us, the server quickly maxes out.

I have the Apache MaxClients value set in my MPM configuration (my server uses the pre-fork MPM) to a value as high as possible, but due to the high memory use of Drupal, other settings, and memory limitations, I can only comfortably deal with between 15 and 20 requests before potentially exhausting system memory.

Once this limit is hit, Apache queues requests up to the value of ListenBacklog, which is 511, by default in Apache 2.2. We often see cases where bots will put several hundred requests on that queue, mostly crowding out real users until the bot goes away or we ban its IP.

So, I am thinking: what's the harm of setting the ListenBacklog number lower, maybe to 50, after which (I believe) Apache will return a 503 error. While certainly not all bots will pay attention, I know at least some will give up and move on to their next victim.

But most of the stuff I could find on the web talks only about increasing the value, not decreasing it.

Does anyone have experience with this, or knowledge, a link, an alternative, or just an opinion?

Thanks --

Tom