List: apache-httpd-users
Subject: Re: [users@httpd] high count h2 idle streams
From: Daniel <dferradal () gmail ! com>
Date: 2017-10-16 10:26:03
Message-ID: CAHti5NFQaKr6baxrAq_dxy6D1_75ZFLMNzzgpy5UWn+vV-v-pg () mail ! gmail ! com
Note Apache httpd also has a non-third-party module called
mod_reqtimeout to prevent SlowLoris attacks.

2017-10-09 13:40 GMT+02:00 Hajo Locke <Hajo.Locke@gmx.de>:
> Hello,
>
>
> On 09.10.2017 at 12:33, Hajo Locke wrote:
>>
>> Hello List,
>>
>> found today an abnormality in my apachestatus for some servers.
>> There are a lot of "h2 idle, streams" in apachestatus. This looks like
>> this:
>>
>> 14-0 28241 0/41/41 K 0.25 128 1 0.0 0.10 0.10 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 15-0 28242 0/11/11 K 0.25 120 1 0.0 0.61 0.61 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 16-0 28243 0/15/15 K 0.22 8 1 0.0 0.39 0.39 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 17-0 28245 0/25/25 K 0.40 278 1 0.0 1.13 1.13 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 18-0 28246 0/46/46 K 0.52 35 54 0.0 1.53 1.53 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 19-0 28250 0/7/7 K 0.12 58 0 0.0 0.02 0.02 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 20-0 28277 0/3/3 K 0.24 243 66 0.0 0.23 0.23 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 21-0 28278 0/8/8 K 0.15 102 1 0.0 0.29 0.29 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>> 22-0 28280 0/5/5 K 0.12 18 1 0.0 0.31 0.31 ip.ip.ip.ip h2 idle,
>> streams: 0/0/0/0/0 (open/recv/resp/push/rst)
>>
>> Some servers have hundreds of these, never noticed this before.
>> These connections have status K or W. Is this a kind of attack to reach
>> MaxRequestWorkers?
>> It seems the number of these connections can be reduced by reducing
>> H2MaxWorkerIdleSeconds to a lower value.
>> Apache version is 2.4.27.
>> What should I do now?
>
> It seems that I found the problem. It looks like a standard DoS with slowloris. I
> think I was just confused by the mod_http2 output. Deactivating http2 just shows
> the same problem with HTTP/1.1.
> mod_qos is a really good helper for these kinds of problems.
>
>>
>> Thanks,
>> Hajo
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
--
Daniel Ferradal
IT Specialist
email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal
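
Added example, not part of the original messages or of Apache httpd: one way to tally the mod_status worker rows quoted above per client, to see who is holding workers in K or W state. The sample rows are constructed with documentation-range addresses, and the function names, the limit and the minimum-seconds threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the column layout quoted in the thread:
# Srv PID Acc M CPU SS Req Conn Child Slot Client Request
# Client addresses are documentation-range placeholders.
SAMPLE = """\
14-0 28241 0/41/41 K 0.25 128 1 0.0 0.10 0.10 192.0.2.10 h2 idle, streams: 0/0/0/0/0 (open/recv/resp/push/rst)
15-0 28242 0/11/11 K 0.25 120 1 0.0 0.61 0.61 192.0.2.10 h2 idle, streams: 0/0/0/0/0 (open/recv/resp/push/rst)
16-0 28243 0/15/15 W 0.22 8 1 0.0 0.39 0.39 192.0.2.10 h2 idle, streams: 0/0/0/0/0 (open/recv/resp/push/rst)
17-0 28245 0/25/25 K 0.40 278 1 0.0 1.13 1.13 198.51.100.7 h2 idle, streams: 0/0/0/0/0 (open/recv/resp/push/rst)
18-0 28246 0/46/46 W 0.52 2 54 0.0 1.53 1.53 198.51.100.7 GET /index.html HTTP/1.1
19-0 28250 0/7/7 _ 0.12 58 0 0.0 0.02 0.02 203.0.113.5 NULL
"""

# One mod_status worker row; M is the worker state, SS the seconds since
# the most recent request began on that worker.
ROW = re.compile(
    r"^(?P<srv>\d+-\d+)\s+(?P<pid>\d+)\s+\S+\s+(?P<mode>\S)\s+\S+\s+"
    r"(?P<ss>\d+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(?P<client>\S+)\s+(?P<request>.*)$"
)

HELD_STATES = {"K", "W"}  # the two states reported in the thread


def held_workers_by_client(status_text, min_seconds=5):
    """Count workers per client sitting in K or W for at least min_seconds."""
    counts = Counter()
    for line in status_text.splitlines():
        m = ROW.match(line.strip())
        if m and m["mode"] in HELD_STATES and int(m["ss"]) >= min_seconds:
            counts[m["client"]] += 1
    return dict(counts)


def clients_over_limit(status_text, limit=2, min_seconds=5):
    """Clients holding more than `limit` workers (limit is an assumed threshold)."""
    held = held_workers_by_client(status_text, min_seconds)
    return sorted(c for c, n in held.items() if n > limit)


if __name__ == "__main__":
    for client, n in sorted(held_workers_by_client(SAMPLE).items()):
        print(f"{client}\t{n} held workers")
    print("over limit:", clients_over_limit(SAMPLE))
```

The parser expects each worker row on a single line; rows wrapped by a mail client, as in the quoted output above, need to be rejoined first.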