Date: Fri, 18 Oct 2002 12:40:17 +0200 (CEST) From: Martin Blapp <mb@imp.ch> To: <freebsd-questions@freebsd.org> Cc: <security@freebsd.org> Subject: Apache DOS, help needed Message-ID: <20021018123333.P90671-100000@levais.imp.ch>
next in thread | raw e-mail | index | archive | help
Hi, I'm using apache 1.27 with recent modssl. I'm not vulnerable to this bug. But I see from time to time large scans, which have the symptoms of this worm. All my FreeBSD childs get used and are waiting in a queue and the server gets unresponsive for 5-6 mins. I set correctly limits: RLimitNPROC 25 RLimitMEM 40000000 RLimitCPU 5 But in this case, RLimitNPROC seems not to work :P I also tried mod_throttle, but it does also not help in this case because all connections are made at the same time and they timeout 180 seconds later. [Fri Oct 18 05:51:43 2002] [error] [client 202.131.107.1] client sent HTTP/1.1 request witho ut hostname (see RFC2616 section 14.23): / [Fri Oct 18 05:51:43 2002] [error] [client 202.131.107.1] client sent HTTP/1.1 request witho ut hostname (see RFC2616 section 14.23): / [Fri Oct 18 05:51:43 2002] [error] [client 202.131.107.1] client sent HTTP/1.1 request witho ut hostname (see RFC2616 section 14.23): / Min/MaxSpareServers), spawning 32 children, there are 0 idle, and 502 total children [Fri Oct 18 05:51:48 2002] [error] server reached MaxClients setting, consider raising the M axClients setting [Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out [Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out [Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out [Fri Oct 18 05:54:26 2002] [info] [client 202.131.107.1] read request line timed out [Fri Oct 18 05:54:29 2002] [info] [client 202.131.107.1] read request line timed out And so on. Has someone a quick fix for this or a idea ? Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org> ------------------------------------------------------------------ ImproWare AG, UNIXSP & ISP, Zurlindenstrasse 29, 4133 Pratteln, CH Phone: +41 061 826 93 00: +41 61 826 93 01 PGP: <finger -l mbr@freebsd.org> PGP Fingerprint: B434 53FC C87C FE7B 0A18 B84C 8686 EF22 D300 551E ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021018123333.P90671-100000>