The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

apache too many connection

Discussion in 'EasyApache' started by prashant_ohol, Sep 24, 2010.

  1. prashant_ohol

    prashant_ohol Active Member

    Joined:
    Nov 22, 2004
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    root@localhost [~]# netstat -apn |grep 80 |wc -l
    930
    root@localhost [~]# netstat -apn |grep 80 |wc -l
    965
    root@localhost [~]# netstat -apn |grep 80 |wc -l
    876
    root@localhost [~]#
    root@localhost [~]# netstat -apn |grep SYN_RECV |wc -l
    26
    root@localhost[~]# netstat -apn |grep SYN_RECV |wc -l
    19
    root@localhost [~]# netstat -apn |grep SYN_RECV |wc -l
    20
    root@localhost [~]#

    does mod_evasive will help in this case?


    Prashant
     
  2. WiredTree Joe

    WiredTree Joe Well-Known Member
    PartnerNOC

    Joined:
    Dec 13, 2006
    Messages:
    68
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Chicago, IL
    What exactly are they connecting to? If you can,

    service httpd fullstatus

    and see what they are hitting. Also, is it coming from all over the place or just a few IPs. You can try blocking them on the firewall if it is only from a few IPs. It might just be legitimate traffic.

    In most cases, mod_evasive isn't going to do much if you are under heavy concurrent connections to port 80.
     
  3. prashant_ohol

    prashant_ohol Active Member

    Joined:
    Nov 22, 2004
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    They all are hitting to one of my website.

    do you mean to say that mod_evasive will not help with heavy concurrent connections to port 80?


    Prashant
     
  4. GaryT

    GaryT Well-Known Member

    Joined:
    May 19, 2010
    Messages:
    321
    Likes Received:
    3
    Trophy Points:
    16
    Sounds like a SYN flood or you just have one busy server.

    Yes mod_evasive will block these, Also putting on dos_delfate is always good idea and make it work with IPtables.
     
Loading...

Share This Page