maxo-tt

Active Member
Dec 22, 2012
29
0
1
cPanel Access Level
Root Administrator
hello people. i have one big problem that cant fix with myself. searched google but nothing found...

so time to time(not usualy the same time or same interval) i'm getting about 300 connection from 127.0.0.1 and apache hangs till i restart it...

i use this command to count connections per ip.
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
may it be ddos attack? if so, how it may be connections from localhost?

that's my apache2 config. any idea?
Code:
Timeout 30
TraceEnable Off
ServerSignature Off
ServerTokens ProductOnly
FileETag None
StartServers 10
<IfModule prefork.c>
MinSpareServers 5
MaxSpareServers 30
</IfModule>
ServerLimit 600
MaxClients 600
MaxRequestsPerChild 0
KeepAlive Off
KeepAliveTimeout 2
MaxKeepAliveRequests 100

system:
WHM 11.34.1 (build 5)
Centos 6.3
Apache/2.2.23

server: 2X xeon x5570 Ram: 24GB
 
Last edited:

maxo-tt

Active Member
Dec 22, 2012
29
0
1
cPanel Access Level
Root Administrator
no, nothing at all. i have just installed cpanel and nothing more... almost everything default... just installe some security modules from EasyApache and increased some apache settings...

p.s

apache loaded modules:
Code:
Loaded Modules:
 core_module (static)
 authn_file_module (static)
 authn_default_module (static)
 authz_host_module (static)
 authz_groupfile_module (static)
 authz_user_module (static)
 authz_default_module (static)
 auth_basic_module (static)
 include_module (static)
 filter_module (static)
 deflate_module (static)
 log_config_module (static)
 logio_module (static)
 env_module (static)
 expires_module (static)
 headers_module (static)
 unique_id_module (static)
 setenvif_module (static)
 version_module (static)
 proxy_module (static)
 proxy_connect_module (static)
 proxy_ftp_module (static)
 proxy_http_module (static)
 proxy_scgi_module (static)
 proxy_ajp_module (static)
 proxy_balancer_module (static)
 ssl_module (static)
 mpm_prefork_module (static)
 http_module (static)
 mime_module (static)
 status_module (static)
 autoindex_module (static)
 asis_module (static)
 info_module (static)
 suexec_module (static)
 cgi_module (static)
 negotiation_module (static)
 dir_module (static)
 actions_module (static)
 userdir_module (static)
 alias_module (static)
 rewrite_module (static)
 so_module (static)
 qos_module (shared)
 frontpage_module (shared)
 bwlimited_module (shared)
 auth_passthrough_module (shared)
 fastinclude_module (shared)
 suphp_module (shared)
 security2_module (shared)
maybe you talking about apache2 proxy module?

they were activated by default. i'll disable it...
Code:
 proxy_module (static)
 proxy_connect_module (static)
 proxy_ftp_module (static)
 proxy_http_module (static)
 proxy_scgi_module (static)
 proxy_ajp_module (static)
 proxy_balancer_module (static)
 
Last edited:

JaredR.

Well-Known Member
Feb 25, 2010
1,834
24
143
Houston, TX
cPanel Access Level
Root Administrator
I was not referring to Apache's mod_proxy. I was referring to nginx and other third-party caching and proxy systems that do not come with cPanel but our customers sometimes install.

mod_proxy needs to be enabled in order for cPanel's proxy subdomains (whm.domain.tld, cpanel.domain.tld, webmail.domain.tld) to work, which is why it is enabled by default. I apologize for any confusion, but it is not what I was trying to ask about.

We would be happy to take a look to see if anything in cPanel is causing the connections from 127.0.0.1, if you submit a ticket.
 

maxo-tt

Active Member
Dec 22, 2012
29
0
1
cPanel Access Level
Root Administrator
yes, i've disabledmod_proxy but the same again...

i noticed that mod_prefork causes this hang. 2 days ago i've switched to mod_worker, and got good uptime. no crash.

then i returned to prefork, and apache started crash. now using worker.. but worker needs more resource ....

i'll submit a ticket asap.

i did it
Request Id:3595683


p.s
i did custom script that checks apache and restarts if hang. sends also mail. works so...
Code:
if ( wget --timeout=7 --tries=1 http://localhost/robots.txt )
thats log to see hang interval

 
Last edited: