|
Graham Dumpleton
graham.dumpleton at gmail.com
Mon Oct 1 21:46:46 EDT 2007
On 01/10/2007, Alec Matusis <matusis at matusis.com> wrote: > in the apache error log. We also got > > kernel: possible SYN flooding on port 80. Sending cookies. > > in /var/log/messages system log. Have you determined for certain that you aren't the target of an external SYN Flood DOS attack? Do a Google search for 'kernel: possible SYN flooding on port 80. Sending cookies' and you will find lots of stuff to read. Your running out of or having a large number of socket connections may be symptomatic of a large number of half open connections being created and then being left in TIME_WAIT. Thus perhaps do some better analysis of socket connection states using netstat. If not a SYN Flood, then possibly follow some of the other suggestions in the pages you will find when you do the search. FWIW, I personally would try and move from prefork to worker MPM as the number of Apache child processes you are running with is to my mind excessive. Using worker would certainly drop memory usage for a start as you wouldn't need as many child processes to be started. I wouldn't be concerned about running out of threads as when running worker I wouldn't suggest more than 25 threads per process as a starting point anyway. If your mod_python application was creating lots of threads, you are likely to hit the thread limit with prefork and not just worker so which MPM is used shouldn't be an issue in that case. BTW, what operating system are you using? Graham
|