logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_status SS values explanation
Author
Qmpeltaty



Joined: 06 Feb 2008
Posts: 182
Location: Poland

PostPosted: Wed 05 Mar '14 15:29    Post subject: mod_status SS values explanation Reply with quote

I had included mod_status to one of my Apache instance. In general this Apache instance is working very well, answering fast etc. In the other hand some of the information provided by this module are quite odd for me.



My first doubt is about SS values - isn't too much ? SS description - Seconds since beginning of most recent request - i see lot of more recent requests, so what exactly this value mean ? I thought this is the time counted from the moment when last request came to Apache, which should not be more than 0 seconds as this instance is under heavy-load all the time.

What is the NULL request ? I had a feeling that lot of the requests are just old, hanged, waiting and doing nothing more than occupying connection pool?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Fri 07 Mar '14 17:40    Post subject: Reply with quote

it just means that this slot / thread is idle since n seconds.

Even if you scroll down httpd.apache.org/server-status you can see a long idle time.

On my server it is is a little busy (~ 25%) even than there are some "264734 SS" values.


Unless every status under the "pid table" is a R or W your server could handle more requests (counts only for apache not the CPU from scripts etc or the harddrive usage)
Back to top
Qmpeltaty



Joined: 06 Feb 2008
Posts: 182
Location: Poland

PostPosted: Tue 11 Mar '14 18:54    Post subject: Reply with quote

I had found a lot of connections in W state with SS over 800000 (approx 9 days). It looks like my Apache is vulnerable to Slow HTTP Dos attack.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Wed 12 Mar '14 0:10    Post subject: Reply with quote

Well if you are afraid of a slow dos attack, on apache haus site there is Mod Antiloris

and or use mod security rules

Code:

SecRule RESPONSE_STATUS "@streq 408" "phase:5,t:none,nolog,pass, setvar:ip.slow_dos_counter=+1, expirevar:ip.slow_dos_counter=60, id:'1234123456'"
 
SecRule IP:SLOW_DOS_COUNTER "@gt 5" "phase:1,t:none,log,drop, msg:'Client Connection Dropped due to high number of slow DoS alerts', id:'1234123457'"


Maybe Steffen was already some other rules.
Back to top
Qmpeltaty



Joined: 06 Feb 2008
Posts: 182
Location: Poland

PostPosted: Wed 12 Mar '14 11:15    Post subject: Reply with quote

I had stopped this Apache instance and started again - before stopping it i had 13500 (ThreadsPerChild 14500) busy workers with 85% in W state. After stopping it and starting again i can see 500-600 workers busy max, no W with high SS values anymore.

From the one hand i'm happy that no more request are hanging, but i'm confused about the conclusion - what was the reason of hanged connections ?

The positive aspect is, that hanged requests had been initialized from clients browsers for 100% - it was not dos attack.
Back to top


Reply to topic   Topic: mod_status SS values explanation View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules