time telnet apache 2.4.33 centOS7 - apache

When I am trying to time telnet XX.XX.XX.XX 80 my apache 2.4.6 server on centOS7 the result is 51 sec.
I manage to lower it with reqtimeout_module using
RequestReadTimeout header=1
RequestReadTimeout body=1
but it's never less than 32 sec. I found info that this is a known bug in 2.4.6 (if I understand it correctly) and that 30 sec is hardcoded and can't be changed.
So I updated it to 2.4.33, but nothing changed. Is there any way to make this time lower?

You can set AcceptFilter http none inside /etc/httpd/conf/httpd.conf.
By default, on Linux AcceptFilter is using the TCP_DEFER_ACCEPT socket option (from manpages):
TCP_DEFER_ACCEPT (since Linux 2.4)
Allow a listener to be awakened only when data arrives on the
socket. Takes an integer value (seconds), this can bound the
maximum number of attempts TCP will make to complete the
connection. This option should not be used in code intended
to be portable.
The default value for that option on centos7 seems to be 30 (see this answer).
Another way to do that is by using apache-module-sockopts:
LoadModule sockopts_module libexec/mod_sockopts.so
AddModule mod_sockopts.c
<IfModule mod_sockopts.c>
# TCP_DEFER_ACCEPT
SoTcpDeferAccept 20
</IfModule>
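The behaviour in the man page excerpt above, as an added example in C that is not part of the original answer: a Linux listener with TCP_DEFER_ACCEPT set does not wake accept() for a client that has connected but sent nothing, only once data arrives. The names probe and acceptable, the loopback listener and the 300 ms wait are assumptions made for the illustration.

```c
/* Added example (Linux only): what TCP_DEFER_ACCEPT does to a silent client. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if accept() on lfd would return within wait_ms, 0 if not, -1 on error. */
static int acceptable(int lfd, int wait_ms) {
    struct pollfd p = { .fd = lfd, .events = POLLIN };
    int n = poll(&p, 1, wait_ms);
    return n < 0 ? -1 : (n > 0 && (p.revents & POLLIN) != 0);
}

/* Hypothetical helper: opens a loopback listener (defer_secs > 0 enables
 * TCP_DEFER_ACCEPT), connects a client that stays silent like `telnet host 80`,
 * then lets it send one line. Result: bit 0 = connection was handed to
 * accept() before any data, bit 1 = after data arrived; -1 on failure. */
int probe(int defer_secs) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof a;
    const char req[] = "GET / HTTP/1.0\r\n";      /* constructed sample input */
    int before, after, result = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (lfd < 0 || cfd < 0) goto out;
    if (defer_secs > 0 && setsockopt(lfd, IPPROTO_TCP, TCP_DEFER_ACCEPT,
                                     &defer_secs, sizeof defer_secs) < 0) goto out;
    if (bind(lfd, (struct sockaddr *)&a, sizeof a) < 0 || listen(lfd, 8) < 0 ||
        getsockname(lfd, (struct sockaddr *)&a, &len) < 0 ||
        connect(cfd, (struct sockaddr *)&a, sizeof a) < 0) goto out;
    before = acceptable(lfd, 300);                /* handshake done, no data yet */
    if (write(cfd, req, sizeof req - 1) < 0) goto out;
    after = acceptable(lfd, 300);                 /* first bytes have arrived */
    if (before >= 0 && after >= 0) result = before | (after << 1);
out:
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return result;
}

int main(void) {
    printf("no accept filter : %d\n", probe(0));
    printf("TCP_DEFER_ACCEPT : %d\n", probe(30));
    return 0;
}
```

Without the option the result is 3 (the connection is acceptable before any data); with it the result is 2 (acceptable only after the request line arrives).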

Related

How to enable http2 on CentOS7 with Apache 2.4.46

I have CentOS 7, with Apache 2.4.46. I have done pretty much everything available on the internet. I am getting the below error:
The mpm module (prefork.c) is not supported by mod_http2. The mpm
determines how things are processed in your server. HTTP/2 has more
demands in this regard and the currently selected mpm will just not
do. This is an advisory warning. Your server will continue to work,
but the HTTP/2 protocol will be inactive.
My apache is running from /usr/local/apache2/.
I have seen, I may need to use php-fpm module to run this.
I have made changes on my live server and it is kinda stuck now. Though the work impact is very small, I really want to learn what I am doing wrong.
You would need to:
Disable mod_mpm_prefork
Disable mod_php (disable the PHP module, whatever it's named, example: libphp7)
Enable mod_mpm_event
Enable mod_http2
Enable mod_proxy
Enable mod_proxy_fcgi
Enable mod_setenvif
Install PHP-FPM using yum install php-fpm, or you might need to specify the version yum install php7-fpm or php8-fpm, and then start the PHP-FPM service after installation of that, using systemctl start php-fpm or php7-fpm/php8-fpm.
Add the following to Apache configuration:
# FilesMatch takes a regular expression: match file names ending in .php
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://localhost:9000"
</FilesMatch>
If it is running as a UNIX socket, you would need to change it to:
<FilesMatch "\.php$">
SetHandler "proxy:unix:/path/to/php-fpm.sock|fcgi://localhost:9000"
</FilesMatch>
Restart Apache

mod_evasive not working on Apache 2.4.6

I am trying to configure mod_evasive for Apache 2.4.6 on CentOS, release 7.5.1804. I got clean install of CentOS, with clean install of Apache without serving any pages or anything (just example index.html saying hello world), and I installed mod_evasive using this tutorial: https://www.digitalocean.com/community/tutorials/how-to-protect-against-dos-and-ddos-with-mod_evasive-for-apache-on-centos-7
Everything works fine, unless I have to run the testing script which should send requests to the server and get a 403 error because of mod_evasive. Instead, I am getting 400 Bad Request.
I switched firewalld for IPtables, and I have port 80 open, in fact, the example page works ok from browser. Also, SELinux mode is set to permissive.
Any suggestions?
You will most likely have to change the perl script (usually saved in /usr/share/doc/libapache2-mod-evasive/examples/test.pl) to make this work, e.g.
Original line:
print $SOCKET "GET /?$_ HTTP/1.0\n\n";
Re-worked line:
print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";
From https://centosfaq.org/centos/apache-mod_evasive-problem-with-testpl/
The issue was not with mod_evasive or its configuration. In my case I had to tweak the configuration of mpm_prefork_module like below to get mod_evasive configuration to work:
StartServers 10
MinSpareServers 10
MaxSpareServers 10
MaxRequestWorkers 80
MaxConnectionsPerChild 0
Basically, fix the number of servers to a constant by setting StartServers = MinSpareServers = MaxSpareServers = {your_magic_number} and set MaxConnectionsPerChild=0, so that no new server processes are spawned and no re-cycling of connections happens, allowing a child to hold infinitely many concurrent connections.
Hope this saves your day!
After a few days, I found that there was an error in the testing script provided with mod_evasive...
I corrected it and found out that installation was ok.

apache requests very slow after using ProxyPass

So I'm running Tomcat(8.0) behind Apache(2.4) on Windows Server 2012 and using ProxyPass to pass through all traffic. Everything works fine, but whenever I do nothing for 60 seconds, and then hit the server again, I get an 8-20 second delay, like Apache is creating a new process to handle the request.
My configuration is pretty much the default that comes with Apache Haus, with the addition of the proxy stuff, which I believe is the culprit:
ProxyPass /static/ !
ProxyPass / http://localhost:8088/
ProxyPassReverse / http://localhost:8088/
I added the
/static/ !
exemption to see if the same problem would happen on static files being served, and apparently it does. I further narrowed it down by commenting out all the ProxyPass stuff, and verifying my static file always loads fast. Then I uncommented the ProxyPass stuff, and only requested my static file, and it again always returned fast. But once I hit a URL that takes me through the proxy, wait a minute, then hit it again, something goes horribly wrong. Below is network monitor output for two requests, first of the static file being requested a second time after a 1 minute delay before proxy use, the other after the proxy had been used twice with delay between proxy requests.
3501 4:17:48 PM 10/21/2015 104.2752287 httpd.exe HTTP HTTP:Request, GET /static/index.html
3502 4:17:48 PM 10/21/2015 104.2760830 httpd.exe HTTP HTTP:Response, HTTP/1.1, Status: Not modified, URL: /static/index.html
After (8 seconds to return):
24232 4:26:13 PM 10/21/2015 608.7355960 httpd.exe HTTP HTTP:Request, GET /static/index.html
24775 4:26:20 PM 10/21/2015 616.0896861 httpd.exe HTTP HTTP:Response, HTTP/1.1, Status: Not modified, URL: /static/index.html
I'm noticing more of this SynReTransmit line after it was initially broken, not sure if it's relevant:
24226 4:26:13 PM 10/21/2015 608.7286692 httpd.exe TCP TCP:[SynReTransmit #24107]Flags=......S., SrcPort=61726, DstPort=HTTP(80), PayloadLen=0, Seq=1157444168, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192
But basically every call, be it to static file or over proxy, if it's been over 60 seconds since the last call, will take forever to get a response!
Any ideas?
UPDATE:
I was running a slightly older version of Apache, 2.4.12, but updating to the latest, 2.4.17, didn't fix it. I've tried all sorts of keepalive settings, nothing seems to help. On another forum I was directed at this Apache dev thread which has a proposed patch for what sounds like a similar issue, guess I'll wait for an Apache update:
http://marc.info/?l=apache-httpd-dev&m=144543644225945&w=2
Try explicitly tuning the ProxyReceiveBufferSize:
# For increase throughput (bytes)
ProxyReceiveBufferSize 2048
In the httpd config, add the following lines:
AcceptFilter http none
AcceptFilter https none
EnableSendfile Off
EnableMMAP off
right after this line:
Listen 80
My response get less than 2 time but it still quite slow than normal.
From https://www.apachelounge.com/viewtopic.php?p=26601
I was using Apache httpd as a reverse proxy and it was drastically slow (2 mins to load a single web page). But, as soon as I changed the hostname to an IP address, it was super fast.
Before:
ProxyPass "/home" "http://hostname.domain.com:port/home"
After:
ProxyPass "/home" "http://ip:port/home"
Hope it helps someone.

Making Apache faster by adjusting KeepAlive, MaxClients and AllowOverride

I'm trying to configure apache to react faster. Currently I experience heavy lags and huge response times. When I googled for answers, there were articles mentioning KeepAlive, MaxClients and AllowOverride so my focus is on them for now, I guess. I just don't seem to find them.
Here is the phpinfo(); output:
apache2handler
**************
Apache Version Apache/2.4.12 (Win64) PHP/5.6.8
Apache API Version 20120211
Server Administrator admin#example.com
Hostname:Port
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 60 - Keep-Alive: 5
Virtual Server No
Server Root C:/Apache24
Loaded Modules core mod_win32 mpm_winnt http_core mod_so mod_access_compat
mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_authn_core mod_authn_file
mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_cgi
mod_dir mod_env mod_include mod_isapi mod_log_config mod_mime mod_negotiation mod_php5
mod_rewrite mod_setenvif
Directive Local Value Master Value
engine 1 1
last_modified 0 0
xbithack 0 0
Maybe somebody can explain this output to me? In particular:
"Timeouts" = "Connection: 60" setting
"Per Child" = "0" setting
If I understand this right:
there are 60 connections to be allowed simultaneously
every connection has a maximum of 100 requests (why so many?)
the server allows a client to load all the resources in one request for 5 seconds
Maybe those settings are to be found in httpd.conf and not in php.ini? (Right now I don't have access to those files.)
As far as I know, the Timeouts relates to how long the server will wait for a connection, with 60 seconds being the default.
The Per Child bit has to do with how many threads you're running per child process.
I'm a bit vague on this stuff, but have a read through the docs and you should find all the explanations you need!

Apache: ProxyPass max parameter has no effect

I am using the following Apache config to forward requests to a Tomcat server:
ProxyPass /myapp ajp://localhost:8009/myapp max=2
This is a simplified config, but is enough to reproduce the issue, which is that the max parameter has no effect. If I throw 10 concurrent requests at Apache, all 10 are forwarded to Tomcat at the same time, while I would like to have them forwarded 2 by 2. Should I use something other than the max parameter for this?
The max=2 failed to limit the number of requests concurrently forwarded to Tomcat because I was running this on UNIX, and my Apache came preconfigured with prefork MPM, which creates one process per request. The max applies per process, hence doesn't have the desired effect.
If you are in this situation and need to limit the number of concurrent requests forwarded to Tomcat, then you'll need to replace your Apache with a worker or event MPM Apache and, in the config, set ServerLimit to 1, and ThreadsPerChild and MaxClients to the same value, which will be the total number of concurrent connections your Apache will be able to process. You can find more information about this in this section documenting the recommended Apache configuration for Orbeon Forms.
service apache2 restart