[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-users
Subject:    Re: [users@httpd] high count h2 idle streams
From:       Daniel <dferradal () gmail ! com>
Date:       2017-10-16 10:26:03
Message-ID: CAHti5NFQaKr6baxrAq_dxy6D1_75ZFLMNzzgpy5UWn+vV-v-pg () mail ! gmail ! com
[Download RAW message or body]

Note Apache httpd also has a non-third party module called
mod_reqtimeout to prevent SlowLoris attacks

2017-10-09 13:40 GMT+02:00 Hajo Locke <Hajo.Locke@gmx.de>:
> Hello,
>
>
> Am 09.10.2017 um 12:33 schrieb Hajo Locke:
>>
>> Hello List,
>>
>> found today an abnormality in my apachestatus for some servers.
>> There are a lot of "h2  idle, streams" in apachestatus. This looks like
>> this:
>>
>> 14-0 28241 0/41/41 K  0.25 128 1 0.0 0.10 0.10  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 15-0 28242 0/11/11 K  0.25 120 1 0.0 0.61 0.61  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 16-0 28243 0/15/15 K  0.22 8 1 0.0 0.39 0.39  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 17-0 28245 0/25/25 K  0.40 278 1 0.0 1.13 1.13  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 18-0 28246 0/46/46 K  0.52 35 54 0.0 1.53 1.53  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 19-0 28250 0/7/7 K  0.12 58 0 0.0 0.02 0.02  ip.ip.ip.ip h2  idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 20-0 28277 0/3/3 K  0.24 243 66 0.0 0.23 0.23  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 21-0 28278 0/8/8 K  0.15 102 1 0.0 0.29 0.29  ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 22-0 28280 0/5/5 K  0.12 18 1 0.0 0.31 0.31  ip.ip.ip.ip h2  idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>>
>> Some servers have hundreds of this, never noticed this before.
>> This connections have status K or W. Ist this a kind of attack to reach
>> MaxRequestWorkers?
>> It seems the number of this connections can be reduced by reducing
>> H2MaxWorkerIdleSeconds to a lower value.
>> Apacheversion is 2.4.27.
>> What should i do now?
>
> it seems that i found problem. it looks like standard-dos with slowloris. i
> think i just was confused by mod_http2 output. deactivating http2 just shows
> same problem with http1.1
> mod_qos is a really good helper for this kind of problems.
>
>>
>> Thanks,
>> Hajo
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



-- 
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]