Apache 为什么会创建这么多内部虚拟连接?CPU 使用率问题影响服务器性能

tag-icon tag-icon ubuntu php apache-2.4 ubuntu-16.04
Apache 为什么会创建这么多内部虚拟连接?CPU 使用率问题影响服务器性能

尝试解决一些 CPU 使用率问题并调查可能的恶意活动。作为其中的一部分,我对 Apache 日志中的大量虚拟连接感到好奇。这些连接的来源是什么?为什么这么多?

我们运行了许多 PHP/MySQL Web 应用程序。我注意到,在 CPU 峰值非常高(使用率高达 100%)时,topApache 会创建大量进程,www-data我猜这些进程是 PHP 脚本的命中率。

虚拟连接是问题的症状还是部分原因?我还可以检查哪些其他内容?

/var/log/apache2/access.log

::1 - - [09/Dec/2019:14:42:32 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:33 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:34 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:35 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:36 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:37 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:38 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:39 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:40 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:46 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:53 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:54 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:55 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:57 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:58 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:59 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:00 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:01 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:02 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:03 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:04 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:05 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:06 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:12 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:13 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:14 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:15 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:16 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:17 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:22 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:23 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:27 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:34 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:38 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:39 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:40 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:41 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:42 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:43 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:44 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:45 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:46 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:47 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:48 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:49 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:50 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:51 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:52 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:53 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:57 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:00 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:03 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:04 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:05 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:06 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"

答案1

来自 Apache 文档:

当 Apache HTTP Server 管理其子进程时,它需要一种方法来唤醒正在监听新连接的进程。为此,它会向自身发送一个简单的 HTTP 请求。此请求将出现在 access_log 文件中,其中远程地址设置为环回接口(通常为 127.0.0.1 或 ::1(如果配置了 IPv6))。如果您记录 User-Agent 字符串(如组合日志格式),您将在非 SSL 服务器上看到服务器签名后跟“(内部虚拟连接)”。在某些时期,您可能会看到每个 httpd 子进程最多一个这样的请求。

这些请求非常正常,您无需担心。只需忽略它们即可。

您可以使用 .htaccess 将请求从“内部虚拟连接”重定向到一个空文件

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^.*internal\ dummy\ connection.*$ [NC]
RewriteRule ^/$ /empty.html [L]

(不要忘记 RewriteCond 中的空格需要转义)

相关内容