Too Many Apache Connections

spmfox

Member
Jul 21, 2014
7
0
1
cPanel Access Level
Root Administrator
Hello! I have one particular user that keeps getting blocked via CSF for too many connections. I am aware how to override this in CSF, however I'd like to understand why there are so many connections.

This all started via an email I got from CSF, which is attached to this post (long text). I grepped the logs for that IP address, and this is all I found:

Code:
Apache error log
==================
[Tue Nov 11 08:24:46 2014] [error] server reached MaxClients setting, consider raising the MaxClients setting

CSF log
==================
Nov 11 08:25:15 srv lfd[2829]: (CT) IP XXX.XXX.XXX.102 (US/United States/XXX-XXX-XXX-102.XXX.XXX.net) found to have 271 connections - *Blocked in csf* for 1800 secs [CT_LIMIT]
This user is one of my resellers, and I know for a fact that they are asleep at this moment and not actually on the server. Their computer is on however. I set up an email alert for this, and the only user that ever hits this is him. We have dozens of end-users, plus hundreds of actual website visitors and I've never seen this happen with anyone else.

Can anyone shed some light on the excessive "CLOSE_WAIT" connections? Thank you in advance!
 

Attachments

spmfox

Member
Jul 21, 2014
7
0
1
cPanel Access Level
Root Administrator
Quick correction, I thought this user was my reseller - as we've had this problem before, but I confirmed just now that it was not my reseller - it was a normal user.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello :)

I suggest contacting the user directly to see what actions they are taking that are leading to those connection requests.

Thank you.
 

spmfox

Member
Jul 21, 2014
7
0
1
cPanel Access Level
Root Administrator
Michael,

Thank you for the reply - however I do not know who that is or have contact with them. I know when we've hit this issue before, my reseller was doing nothing but browsing one of his websites.

Are there any logs or statistics I can look at on cPanel/WHM to help diagnose this in the future?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
The next time this happens you could check the full Apache status (e.g. "service httpd fullstatus") and then review the domain access log for the account to see what type of requests have been made. If it's not an actual client, then you may want to simply block the IP address in your firewall.

Thank you.