top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Apache in production without squid

+1 vote
280 views

I would like to know how many concurrent connections you recommend to use with apache without having a squid in place.
We have approx 600 concurrent connections on our site and run currently with squid, but think about removing squid from the network. Is this a good idea ?

posted Oct 14, 2013 by Amit Parthsarthi

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

If your apache installation is sufficiently well tuned and has enough resources (chiefly RAM) then it should be fine.

For a public example, see http://httpd.apache.org/server-status presently indicating over 800 slots.

answer Oct 14, 2013 by Dewang Chaudhary
Similar Questions
0 votes

I started apache server which has worker as mpm in debug mode. I killed the process with kill -9 then it kills the process and stop debug. But when I am using kill -term PID then it is not killing process. Whereas kill -term PID is woking with prefork debug.Â
If I want to use kill -term PID in debug mode of worker then how to do that.

0 votes

I am a bit confused about the mod_rewrite documentation. It shows this rule to block hotlinking:

RewriteCond "%{HTTP_REFERER}" "!^$"
RewriteCond "%{HTTP_REFERER}" "!www.example.com" [NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

however, I'd think a better rule would be:

RewriteCond "%{HTTP_REFERER}" "^$" [OR]
RewriteCond "%{HTTP_REFERER}" "!(www.)?example.com/.*$" [OR,NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

if I want to block anyone manually typing in a link (no referer) + hotlinking (probably has a referer). Do i need the [OR] on the 1st
RewriteCond and not the 2nd one? It seems to work with OR on both conditions.

+1 vote

We have 2 servers.
Server1 has a apache.
Server2 has a tomcat.

Now we see there are many syn recv connection via "netstat -ant". These kinds of connection are running out the CPU.

We googled it and found it looks like of syn recv attack.

So I just want to know:
1. How to verify it DOES is a syn recv attack?
2. Is there any way to fight against these kind of connections? Can I do some configuration at Apache?
3. Because our server1 is deployed at a cloud center. I guess these cloud center should also be attack?

0 votes

We are running debian linux stable (Jessie) with apache 2.4.10 and mod_wsgi 4.3.0-1 on a x86_64 machine. Our application is written in python 2.7 and django 1.8.

The list of modules as reported by apachectl -M are:Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) cgi_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) filter_module (shared) mime_module (shared) mpm_worker_module (shared) negotiation_module (shared) perl_module (shared) rewrite_module (shared) setenvif_module (shared) socache_shmcb_module (shared) status_module (shared) wsgi_module (shared)

We were getting segmentation faults when rest api clients were making requests. The apache error log has the following messages:

[Mon Jul 27 09:04:38.375433 2015] [core:notice] [pid 32693:tid 140315326191488] AH00052: child pid 32700 exit signal Segmentation fault (11)
[Mon Jul 27 09:04:38.375556 2015] [core:notice] [pid 32693:tid 140315326191488] AH00052: child pid 32701 exit signal Segmentation fault (11)

I have enabled core dumps by setting ulimit to unlimited and adding core dump config directive in the apache2.conf file.
but the core dumps are not happening. When I tried to debug using gdb (gdb /usr/sbin/apache2), the environment variables are not getting read. Any clues on how to go about this?

...