Hey James,
All your config proposals are DoS/DDoS relevant. Timeouts
mean,
that a client can block a process or a thread (depening on
your MPM)
for a given time. A high timeout means, it will be blocked
longer.
A blocked process can not serve other clients.
If you were a bank and you would allow a customer to stand
in front of
one of your clerks without saying a word for 7200 seconds,
then this
would be an invitation to block all your clerks with only 10
people or
so. Unless you are a really big bank and it takes 25 or 50.
A connection to your server means ram (and a few cpu
cycles). 2000
maxclients means up to 2000 times the amount of ram. A
typical apache
process (in prefork mode) takes a couple of MBs. 2000 apache
processes
are a fairly big amount of ram.
On Tue, Oct 16, 2007 at 08:33:28AM -0500, James Wuerflein
wrote:
> #Timeout 300 - Default
> Timeout 7200
This means that a client can keep a request open
for 7200 seconds. Unless you absolutely have to configure
it that way, do not do that. Keep the default
or lower it to reasonable values.
Timeout 30 sounds sane to me.
> KeepAlive On
>
> MaxKeepAliveRequests 100
> ### * MaxKeepAliveRequests 0 *- thinking I should
change this to 0 ?
No. Stick with the default. It means that a client can not
block a process/thread until all eternity, but will
have to reconnect from time to time.
>
> #KeepAliveTimeout 15 - Default
> KeepAliveTimeout 7200
Stick with the default or lower it to something around 5.
5 means means the client gets a html page and can fetch all
gifs/pngs belonging to the page via the same tcp
connection.
But for the next click (after more than 5 seconds, that is)
he will have to open a new connection. 7200 seconds means,
that he browses your page, goes away to read slashdot, but
your webserver waits for 7200s to see if he can serve him
again. Usually not a good idea.
> MinSpareServers 5
> MaxSpareServers 20
This is totally dependent from your traffic. If you work
with apache2, leave it alone and stick with the default
unless you know what you are doing and you need to
reconfigure it.
> MaxClients 2000
Do you have a maximum of 2000 apache processes / threads
available on this server? If not, then set it to the
number of clients you are willing to serve at the same
time. Note, that this is actually not the number of
individual clients, but the number of connections.
Your typical browser opens up to four connections in
parallel.
If we return to the bank: This is the number of clerks
you want to have to take care of your customers.
Ideally this is a number higher than your maximum load
and very close to the value where the server crashes.
Proper performance testing should reveal the good value.
(For completeness: Imagine your bank customers having
four heads to keep four clerks busy)
> MaxRequestsPerChild 0
Leave it at the default value. If you have a broken module
or some other nasty thing, it might eat all your ram.
By telling a child to die after n requests, this memory
leak is covered and the memory is freed.
Under the line:
Unless you know what you are doing: Stick with the
default timeout values, do rather not mess with
Min/MaxSpareServers
(apache2 knows quite well what is best for him) and
if you absolutely have to tune things, then lower the
default timeout.
just my 2 cents.
Christian Folini
------------------------------------------------------------
---------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://htt
pd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe httpd.apache.org
" from the digest: users-digest-unsubscribehttpd.apache.org
For additional commands, e-mail: users-helphttpd.apache.org
|
