Apache 2.2 - 许多 READ 状态请求 - 但这不是 slowloris 攻击

tag-icon tag-icon apache-2.2 centos6
Apache 2.2 - 许多 READ 状态请求 - 但这不是 slowloris 攻击

我遇到了 Apache 问题,读取请求速度很慢(见图)。这不是 slowloris - 我们有 mod_antiloris。在此服务器上,来自许多域的一个域每分钟有数千个请求(一些移动应用程序检查状态)。我可以设置什么来提高性能?

尝试了许多配置。这是当前的配置:

KeepAlive Off
StartServers       8
MinSpareServers    15
MaxSpareServers  20
ServerLimit      50
MaxClients       50
MaxRequestsPerChild  50
ListenBackLog 65536

ˇ sysctl -p

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.swappiness = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_no_metrics_save = 1

慢速读取请求

编辑1:

所有服务器都存在此问题,但读取中的连接数约为 5。有时读取中的连接数达到最大值。谢谢。

编辑2

#0  0x00007f92aad5f098 in __poll (fds=0x7ffffd321a10, nfds=1, timeout=<value optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:83
#1  0x00007f92ab259717 in apr_wait_for_io_or_timeout (f=<value optimized out>, s=<value optimized out>, for_read=1)
    at support/unix/waitio.c:51
#2  0x00007f92ab25501a in apr_socket_recv (sock=0x7f92b4e372f8, buf=0x7f92b4e69568 "itoposvem.cz", len=0x7ffffd321af0)
    at network_io/unix/sendrecv.c:87
#3  0x00007f92abc4b465 in socket_bucket_read (a=0x7f92b4e41be8, str=0x7ffffd321af8, len=0x7ffffd321af0, block=<value optimized out>)
    at buckets/apr_buckets_socket.c:36
#4  0x00007f92abc4a417 in apr_brigade_split_line (bbOut=0x7f92b4e68bf0, bbIn=0x7f92b4e37e20, block=APR_BLOCK_READ, maxbytes=8192)
    at buckets/apr_brigade.c:319
#5  0x00007f92ac7928a2 in ap_core_input_filter (f=0x7f92b4e37dc0, b=0x7f92b4e68bf0, mode=AP_MODE_GETLINE, block=APR_BLOCK_READ,
    readbytes=0) at /usr/src/debug/httpd-2.2.15/server/core_filters.c:155
#6  0x00007f92a64d8d09 in logio_in_filter (f=<value optimized out>, bb=0x7f92b4e68bf0, mode=<value optimized out>,
    block=<value optimized out>, readbytes=<value optimized out>) at /usr/src/debug/httpd-2.2.15/modules/loggers/mod_logio.c:125
#7  0x00007f92ac786e26 in ap_rgetline_core (s=0x7f92b4e675e8, n=8192, read=0x7ffffd321ce8, r=0x7f92b4e675b8, fold=0,
    bb=0x7f92b4e68bf0) at /usr/src/debug/httpd-2.2.15/server/protocol.c:231
#8  0x00007f92ac78788e in read_request_line (conn=0x7f92b4e374e8) at /usr/src/debug/httpd-2.2.15/server/protocol.c:596
#9  ap_read_request (conn=0x7f92b4e374e8) at /usr/src/debug/httpd-2.2.15/server/protocol.c:913
#10 0x00007f92ac79fa30 in ap_process_http_connection (c=0x7f92b4e374e8) at /usr/src/debug/httpd-2.2.15/modules/http/http_core.c:183
#11 0x00007f92ac79b7d8 in ap_run_process_connection (c=0x7f92b4e374e8) at /usr/src/debug/httpd-2.2.15/server/connection.c:43
#12 0x00007f92ac7a7ad7 in child_main (child_num_arg=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:667
#13 0x00007f92ac7a7dea in make_child (s=0x7f92adb59860, slot=8) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:763
#14 0x00007f92ac7a8a6c in perform_idle_server_maintenance (_pconf=<value optimized out>, plog=<value optimized out>,
    s=<value optimized out>) at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:898
#15 ap_mpm_run (_pconf=<value optimized out>, plog=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/httpd-2.2.15/server/mpm/prefork/prefork.c:1102
#16 0x00007f92ac77f9b0 in main (argc=1, argv=0x7ffffd3221c8) at /usr/src/debug/httpd-2.2.15/server/main.c:763

相关内容