Apache (2.4.2/2.4.4) on WAMP (Windows Server 2008 R2) Stops Responding to Requests but Remains Running - apache

For well over a year and a half I have been running Apache (using HTTPD, naturally) through WAMP without issue, or at least no issues like this. On this system, we host around 8 or so different web sites and a few applications that use the MySQL database.
Recently I had a full system crash and rebuilt the system on the same operating system with the same versions of Apache, MySQL, and PHP and near-identical configuration files.
The issue I am having is this: On startup our web services initially seem to work fine, and this can hold over for an hour or so, sometimes less, sometimes more. However after some period of time, all web sites suddenly become entirely unavailable, to include the localhost landing on the web server itself or any local browsing for that matter. Apache identifies as still running, remains listening on port 80, and has no abnormal access or error logs (to include in debug mode).
I've gone over this quite a few times, reinstalled WAMP and have interchanged different versions of Apache. Additionally I've vetted the configuration files compared to the old system and have ensured that the modules, extensions, and so on are the same as our previous version.
I would really appreciate any insight as I continue to rack my head over what might be causing this erroneous issue.
--
Some additional details and notes that might prove insightful.
I've ensured the firewall isn't an issue, plus that wouldn't explain the sudden downtime or downtime at the localhost.
A restart of just the Apache service tends to fix the issue, but only for a little while.
Because we host multiple web sites, we do use virtual hosts. They work fine when the system is up and I don't believe they are of issue.
The issue tends to result in indefinite "Waiting for host (site.com, localhost, etc.)".
When I reset Apache during that indefinite error, it then errors out with "The connection to site.com was interrupted.", so something is still running.
During these downtimes, httpd -D DUMP_VHOSTS is able to return the active virtual hosts.
Using ab -n 1000 site.com when the site is 'down', the following result occurs:
Benchmarking site.com (be patient)
Completed 100 requests
Completed 200 requests
apr_pollset_poll: The timeout specified has expired (70007)
Total of 216 requests completed

Add this into httpd.conf
EnableMMAP off
EnableSendfile off
AcceptFilter http none
AcceptFilter https none
This will stop Apache from using some of the more advanced networking functions that the OS provides.
These functions can get broken with 3rd-party software installs.
Sometimes reinstalling TCP/IP (winsock) can remove the 3rd-party filters/drivers attached to the network layer.
netsh winsock reset

Related

Mobile Access from Digitalocean apache2 connection timed out

I'm using Digitalocean cloud hosting server and apache2 in Ubuntu 16.04 VPS. I can browse the site from my local PC and check apache access.log to see the page requests. However when using a mobile device, I cannot get a response from the website. I can ping the server IP address from my phone successfully. However, any requests for the domain root do not create any record in the access.log.
I have attempted to uninstall fail2ban as per these threads:
https://www.digitalocean.com/community/questions/how-to-debug-solve-a-err_connection_timed_out-error-when-this-error-happens-on-some-browsers-but-not-in-another
http://installion.co.uk/ubuntu/vivid/universe/f/fail2ban/uninstall/index.html
I have also tried simply serving a phpinfo() page. However, still no records in access.log when trying to access from mobile devices. The site has https enabled and is serving perfectly to a PC.
Also, using a browser testing site (https://www.browserstack.com/) I also get connection timed out errors, and no response records in the access.log.
Any suggestions on where to start troubleshooting this? Is this possibly a problem with Digitalocean itself? Is there anything in the LAMP stack that would specifically be blocking some browsers or IP addresses?
It sounds to me like one of two things is happening here:
1. Your DNS is not set to point to that IP, but you set it in your operating system's host file on your computer.
2. Your DNS is correct, but other systems are not yet seeing the change you've made.
Try visiting the IP of the server directly from your mobile device. If anything occurs besides timing out, be it a redirect (even if failed) or a page load, you will know that DNS resolution is the issue. Given that you can ping the IP from your phone I would suggest fail2ban is not related, as fail2ban should block ping as well.
If it turns out to be #2 there, it's just a game of waiting. DNS changes can take up to 48 hours to be seen by all systems. In most cases 4-6 hours is common, but 48 hours is still the recognized standard of "it could possibly take this long."
Jarland

DOS-protection in Apache

We have a small farm of REST-servers that are behind an Apache 2.4 webserver. Apache serves some static resources and proxies REST-calls to the backend. Every now and then we are hit by a DOS-attack (probably from malicious software on Android phones). The attack lasts several hours and fires over 10 requests per second.
I was hoping that Apache could detect such an attack and prevent the requests from reaching our backend servers. I tried mod_evasive but it doesn't seem to work.
Is there some other module for Apache that can block malicious clients?
I ended up installing a new Ubuntu 16 server with Apache 2.4.18 and mod_evasive. Now it all works as expected.
My previous setup used an older Ubuntu 14 and Apache 2.4.8 so maybe that combination was not compatible with mod_evasive.
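To check whether a client really exceeds the "over 10 requests per second" rate described in this thread, a per-client sliding-window count over the access log is enough. The following is an added example, not code from the thread; the log lines, IP addresses and function names are constructed for illustration, and the generated `Require not ip` block is one possible mitigation rather than what the poster deployed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the start of Apache's common/combined log format: ip, ident, user, [time], "METHOD path
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (client_ip, timestamp, path), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, m.group(4)

def find_flooders(lines, max_requests=10, window_seconds=1):
    """Map each client that exceeded max_requests per window to its peak in-window count."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the sliding window
    peak = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts, _path = rec
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() >= window_seconds:
            window.popleft()
        peak[ip] = max(peak.get(ip, 0), len(window))
    return {ip: n for ip, n in peak.items() if n > max_requests}

def deny_block(flooders):
    """Render an Apache 2.4 authorization block that refuses the flagged clients."""
    rules = ["    Require not ip %s" % ip for ip in sorted(flooders)]
    return "\n".join(["<RequireAll>", "    Require all granted"] + rules + ["</RequireAll>"])

def sample_log():
    """Constructed input: one client bursts 12 requests in a second, one sends 3 over 3 seconds."""
    fmt = '{ip} - - [10/Oct/2016:13:55:{s:02d} +0000] "GET /api/items HTTP/1.1" 200 512'
    burst = [fmt.format(ip="203.0.113.7", s=36) for _ in range(12)]
    normal = [fmt.format(ip="198.51.100.20", s=s) for s in (36, 37, 38)]
    return burst + normal + ["not an access log line"]

if __name__ == "__main__":
    hits = find_flooders(sample_log())
    print(hits)
    print(deny_block(hits))
```

Apache timestamps have one-second resolution, so the default window counts requests that share the same logged second.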

How do I change my localhost application server from Apache httpd to the Tomcat that is built into ColdFusion 10?

Backstory: A couple of years ago my group changed the server on which coldfusion runs to Apache instead of IIS. I changed my dev environment to run CF on Apache httpd and everything was fine. Later we changed the session variables to j2ee, but I have never been able to get j2ee to work on dev so I am still using regular session variables on dev. Lately I am getting session persistence failure on test but I can't reproduce on dev. In looking for differences in CF server settings between test and dev I discovered that test is running on Tomcat while dev is running on Apache httpd.
My real problem is how to get j2ee session vars to work on dev. My question right now is how do I change my server from Apache httpd to the Tomcat that is built in with CF 10? Is there a way to do this without starting over with a fresh install of CF 10 as those are the only instructions I can find?
System: Windows 7
IIS and Apache are not (for Coldfusion, anyway) application servers. They are your front-end web servers. Your 'application server' in this setup is the software running the "application" of Coldfusion via servlets, and that's Tomcat.
While it is possible to use CF's builtin Tomcat server as your front-end web server, it isn't advisable, and it's almost certainly got nothing to do with your problem. Apache is more than capable of doing what you need and a problem with J2EE session variables is going to be related either to your JVM (are you using more-or-less the same version as your production server?) or to Tomcat itself.
Think about how J2EE sessions work. A request comes in and hits your front-end server (httpd), which, presumably through mod_proxy or mod_jk, hands that connection over to Tomcat. Until this happens, that your system is even running a JVM isn't relevant -- neither Apache nor IIS care about Java. I wouldn't go so far as to say that it's impossible for an Apache problem to be monkeying with your session variables, but it would be pretty low on my list of suspects.
Once Tomcat (and then CF) get involved, then your JVM is doing all the work, so that's where I'd look. I'd also have a look at CF logs and Tomcat logs.
To properly answer your question, though, if you want to remove Apache from the loop, you're looking at Tomcat's server.xml and web.xml in /cfusion/runtime/conf - you'd need it running on port 80 (or else reconfigure Apache to just pass all requests to Tomcat instead of only CFML, but that doesn't really do what you asked about since Apache is still involved). You'd also have to reproduce your entire Apache configuration in Tomcat, which I've never done and wouldn't recommend, but that's the direction you'd need to investigate.
Much better to work on solving your session problem. Killing Apache is just collateral damage here.

Understanding Apache Traffic

I run a 2GB RAM Linode (Ubuntu) that hosts a few WordPress websites. Recently my server has been OOMing and crashing and I have been up all night trying to find out what's causing it. I have discovered that I get an enormous influx of traffic (a tiny DoS) that brings the whole thing down.
I have access logs set up across all of the virtual hosts and I am using tcptrack to monitor activity on the server.
The traffic appearing in my access logs does not account for the traffic I am seeing on tcptrack, i.e. there are a dozen IP addresses that are constantly opening and closing connections on the server, but are nowhere to be seen in the access logs for each virtual host.
Clearly it's because these IPs are not hitting the virtual hosts, but I have tried to set up access logs to monitor server-wide traffic so that I can see what requests they're making but I'm really struggling.
Can anyone please point me in the right direction, perhaps tcptrack is just too simplified to provide any meaningful insight?
Start using mod_security
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_Apache
Debian has it, which means Ubuntu likely does as well. You should also make sure the kernel is set up properly; search Google for SYN_COOKIES. Look into iptables/shorewall etc. Shorewall is a package that wraps iptables. Iptables can be configured to detect floods and start dropping packets.
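Connections that never complete a request can be absent from the per-vhost access logs, which is the mismatch described in this thread. The following added example (not part of the thread) lists remote IPs that hold connections to the web ports but appear in no access log line, with their TCP states. It assumes the connection table is captured with `ss -tan` rather than tcptrack; the sample data and function names are constructed.

```python
from collections import Counter, defaultdict

def split_hostport(value):
    """Split 'ip:port' or '[ipv6]:port' into (ip, port)."""
    host, _, port = value.rpartition(":")
    return host.strip("[]"), port

def peers_by_state(ss_text, ports=("80", "443")):
    """Count TCP states per remote IP for connections to the given local ports."""
    table = defaultdict(Counter)
    for row in ss_text.splitlines():
        cols = row.split()
        if len(cols) < 5 or cols[0] in ("State", "LISTEN"):
            continue  # header, listening sockets, blank or truncated rows
        _, local_port = split_hostport(cols[3])
        peer_ip, _ = split_hostport(cols[4])
        if local_port in ports:
            table[peer_ip][cols[0]] += 1
    return table

def unlogged_peers(ss_text, access_lines, min_conns=1):
    """Remote IPs with connections to the web ports that appear in no access log line."""
    logged = {line.split(" ", 1)[0] for line in access_lines if line.strip()}
    return {ip: dict(states) for ip, states in peers_by_state(ss_text).items()
            if ip not in logged and sum(states.values()) >= min_conns}

# Constructed `ss -tan` output (documentation address ranges, not real hosts).
SS_SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:80          0.0.0.0:*
ESTAB     0      0      192.0.2.10:80       198.51.100.20:51514
SYN-RECV  0      0      192.0.2.10:80       203.0.113.50:40022
SYN-RECV  0      0      192.0.2.10:80       203.0.113.50:40023
TIME-WAIT 0      0      192.0.2.10:443      203.0.113.50:40019
ESTAB     0      0      192.0.2.10:22       203.0.113.99:60000
ESTAB     0      0      [2001:db8::10]:443  [2001:db8::bad]:33000
"""

# Constructed access log: only one of the connected clients ever logged a request.
ACCESS_SAMPLE = ['198.51.100.20 - - [10/Oct/2016:13:55:36 +0000] "GET / HTTP/1.1" 200 512']

if __name__ == "__main__":
    for ip, states in sorted(unlogged_peers(SS_SAMPLE, ACCESS_SAMPLE).items()):
        print(ip, states)
```

A peer that shows mostly SYN-RECV entries points at the SYN-flood handling the answer mentions (SYN cookies, iptables), while many ESTAB entries with no logged requests point at clients holding connections open without sending a request.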

Apache will not start due to Port 80 in use (all obvious solutions already went through)

I was hosting 3 websites from my home server with IIS and due to all of the issues I ran into like sendmail with a php script, I completely uninstalled IIS from Server Manager and installed xampp. I am using Windows Server 2012 R2. Apache will not start due to port 80 being used. I have already tried many of the fixes scattered across the web. Things I have tried:
- Web deployment agent Service has been disabled
- World Wide Web Publishing service is not on any list of services for my PC
- Skype is not installed on my PC
- MSSQL Server Reporting Services is disabled
- I have run netstat -aon | findstr :80 and searched for all processes with port 80, and PID 4 which is NT Kernel & System.
This is where I am stuck, I can not for the life of me find out what is using port 80. I know I can change apache's listening port to 8080 or whatever but I do not want to do that as the URL would have to show that. Is it possible I could have a virus? Are there other ways to narrow down what could be causing this?
Probably the easiest thing to do is point a browser at your server and see what pops up. Sometimes a shutdown and then a restart (not a restart from the Start button, but an actual shutdown) helps clear up various M$ server issues. Good luck!