RE: [users@httpd] How to clean Apache memory automatically? [EXT]

2021-01-12 Thread James Smith
Htcacheclean is, I think, only a disk-based cache cleaner (something you shouldn't really be using anyway!) The only way to clean up apache memory is either to kill your child processes or restart apache itself. -Original Message- From: Jason Long Sent: 12 January 2021 23:26 To: Users

[users@httpd] How to clean Apache memory automatically?

2021-01-12 Thread Jason Long
Hello, Can I use "htcacheclean" to clean memory instead of resetting the Apache service? Thank you.

[users@httpd] How to configure Auth digest?

2021-01-12 Thread kev jr
Hello, I am trying to implement digest authentication on Apache. The architecture is the following: Server A is the client. Server B is the proxy (an API solution which only transmits the request as a proxy). Server C is my Apache server, where I configure the Digest authentication. I have the following

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Gene Heskett
On Tuesday 12 January 2021 05:01:09 Jason Long wrote: > I did the rule below, but it did not work: > # iptables -A INPUT -p tcp --syn --dport 80 -m connlimit > --connlimit-above 20 -j REJECT --reject-with tcp-reset Lessons learned while trying to stop the &^$>#@# bots from mirroring my content on a 10 mb

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
For that answer you will probably have to ask a RH expert - in ubuntu there are two folders mods_enabled & mods_available - the mods_available contains links to the files in mods_enabled - and you can just remove the symlinks. Not sure for just a wordpress site whether this list would be suffici

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
Output is: # netstat -n | grep ':80 ' | wc      12      72     960 How to disable modules? It's just a WordPress website. On Tuesday, January 12, 2021, 02:55:14 PM GMT+3:30, James Smith wrote: That shows you only have 2 incoming requests. How many lines if you remove the TIME_WAIT T

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
That shows you only have 2 incoming requests. How many lines if you remove the TIME_WAIT? Try: netstat -n | grep ':80 ' | wc This may show lots of short requests happening over time. But to be honest the most important thing you need to do is strip down the list of modules you are using - that i

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
It shows me: # netstat -n | grep ':80 ' | grep -v TIME_WAIT tcp6       0      0 X.X.X.X:80        X.X.X.X:16126      FIN_WAIT2   tcp6       0      0 X.X.X.X:80        X.X.X.X:64595      FIN_WAIT2  On Tuesday, January 12, 2021, 02:20:00 PM GMT+3:30, James Smith wrote: If you want incom

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
If you want incoming traffic you can do: netstat -n | grep ':443 ' | grep -v TIME_WAIT The incoming IP should be the 2nd address (or ':80 ' if you aren't doing SSL) Remove the grep -v TIME_WAIT to see all connections {and recent connections} -Original Message- From: Jason Long Sent:

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
Fail2ban shows me: https://paste.ubuntu.com/p/PsxM8yPXPQ/ On Tuesday, January 12, 2021, 01:47:28 PM GMT+3:30, James Smith wrote: That's one shed load of modules - when I run it on my dev server I have - you should really go through the modules and work out which ones you are actually

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
Output is: 1688 323400 80850   0 /usr/sbin/httpd -DFOREGROUND  6384 517620 129405   0 /usr/sbin/httpd -DFOREGROUND 1163280 3898288 974572  63 /usr/sbin/httpd -DFOREGROUND 1250040 3912624 978156  64 /usr/sbin/httpd -DFOREGROUND 1299300 3986396 996599  84 /usr/sbin/httpd -DFOREGROUND 1367304 4012976

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Yes - it is something we need to do when we come under attack at work - as often the attacks are not enough to trigger standard intrusion detection (esp as our requests can be quite heavy) -Original Message- From: Jason Long Sent: 12 January 2021 10:07 To: users@httpd.apache.org Subjec

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Sometimes we are attacked from a farm of machines so it may have to be an ip range that is the issue -Original Message- From: James Smith Sent: 12 January 2021 10:19 To: 'users@httpd.apache.org' Subject: RE: [users@httpd] Apache in under attack. [EXT] Yes - it is something we need to d

RE: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Another thing to look at is to restart the apache process and see memory usage. You can either use top. Or you can use a cron job which emails you the output of: ps -e -o rsz,vsz,sz,cp,cmd | grep apache2 | grep -v grep | sort -k 1 -n to see if you start or if it grows gradually -Original M

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
That's one shed load of modules - when I run it on my dev server I have - you should really go through the modules and work out which ones you are actually using: Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static)

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
System administrators doing it manually??? On Tuesday, January 12, 2021, 01:28:50 PM GMT+3:30, James Smith wrote: Rate limiting may work - but the rate may be just slightly too slow for your setting - manually doing it is a good thing ... -Original Message- From: Jason Long

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
Modules are: https://paste.ubuntu.com/p/DJSWpSP7xZ/ On Tuesday, January 12, 2021, 01:26:48 PM GMT+3:30, James Smith wrote: Can't see anything that should blow up like that to be honest - I usually use ubuntu - which configures apache in a much, much nicer way {generally for web deve

Re: [users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
I did the rule below, but it did not work: # iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset On Tuesday, January 12, 2021, 01:15:40 PM GMT+3:30, Florian Schwalm wrote: It can be done with iptables or take a look at fail2ban: http

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Rate limiting may work - but the rate may be just slightly too slow for your setting - manually doing it is a good thing ... -Original Message- From: Jason Long Sent: 12 January 2021 09:21 To: users@httpd.apache.org Subject: Re: [users@httpd] Apache in under attack. [EXT] Thank you, but

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Can't see anything that should blow up like that to be honest - I usually use ubuntu - which configures apache in a much, much nicer way {generally for web development stuff it is a better flavour of linux} What is the output of: apache2 -t -D DUMP_MODULES to see what modules you have installe

Re: [users@httpd] Apache in under attack.

2021-01-12 Thread Jason Long
Apache configuration is: https://paste.ubuntu.com/p/RTC2WWMdYH/ And "www.conf" is: https://paste.ubuntu.com/p/S9q5Kwpfcc/ And other settings: https://paste.ubuntu.com/p/NydSyZghJ8/ Which one is not OK? On Tuesday, January 12, 2021, 12:23:52 PM GMT+3:30, Jason Long wrote: It show m

[users@httpd] Aw: Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Florian Schwalm
It can be done with iptables or take a look at fail2ban: https://security.stackexchange.com/q/35773/213194 On 12.01.21, 10:26, Jason Long wrote: Thank you, but "Firewalld" or "iptables" can't do it automatically? When an IP is sending many requests, then it is automatically blocked.

Re: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread Jason Long
Thank you, but "Firewalld" or "iptables" can't do it automatically? When an IP is sending many requests, then it is automatically blocked. On Tuesday, January 12, 2021, 12:49:50 PM GMT+3:30, James Smith wrote: Jason, I would also query why your processes are ~ 1G resident - that seems quite lar

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Jason, I would also query why your processes are ~ 1G resident - that seems quite large for apache. What modules do you have enabled - even with mod_perl embedded I would not want them to go about 500-800M depending on the size of your box. I know Apache is very good at grabbing memory for each p

RE: [users@httpd] Apache in under attack. [EXT]

2021-01-12 Thread James Smith
Put a firewall rule in to block whatever that first IP address is then. Something like: firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='X.X.X.X' reject" If you are seeing a current attack then you can tweak Charles' command line to: tail -1 access.log | awk '{pr

Re: [users@httpd] Apache in under attack.

2021-01-12 Thread Jason Long
It shows me: 13180 X.X.X.X    1127 X.X.X.X      346 X.X.X.X      294 X.X.X.X      241 X.X.X.X      169 X.X.X.X      168 X.X.X.X     157 X.X.X.X     155 X.X.X.X     153 X.X.X.X On Tuesday, January 12, 2021, 07:12:22 AM GMT+3:30, Bender, Charles wrote: Run this against your log file i