Apache server stopped recording accesses to the access file.


0

I am running a DDoS attack experiment on a virtual Apache server (VMware). The attack was on the Apache service and not the machine.

From a certain time (10:20 a.m.), although there were machines requesting Apache, the access.log file did not register anything anymore. The last log record was a 408 error (because of the attack).

The Apache service didn't stop (I checked). Any idea what happened? The virtual server ran Debian in text mode.

Note that the log stopped between 10:20-11:20 Logs

1 answer

2


Always remember to check the HTTP codes in cats:

Goodbye, cruel life #IDied

Basically, you made so many requests to Apache that some parts of it said "goodbye, cruel life". One of these parts was the logger/appender, which could not handle the excess of requests; Apache was so crowded that it could not even respond in a timely manner to a request, so imagine queuing the result of all these repetitions.

I've been looking into how Apache handles requests. I thought that for each request it opened a new thread, but in a quick search I did not find anything confirming my suspicions... However, I found a reference in English about the lifecycle of an Apache HTTP request. Might be worth a read.

EDIT

I found a reference on the Apache and threads issue at the international Stack Overflow. Basically, for every request Apache can serve, it will create a new program context to serve it. This can generate a processing bottleneck (each processing core can only serve a single context in this sense) as well as a memory bottleneck (each context requires a lot of memory to run; if we pretended each one needed 1KB to run, then 1 million requests would create 1 million different contexts, so in this scenario it would need at least 1GB for initial context information only; EMPHASIS: THIS IS AN EXAMPLE OF DATA INVENTED WITHOUT BASIS IN REALITY, ONLY USED TO EXPLAIN THE WEIGHT OF THESE MANY THREADS).

To avoid this kind of vulnerability, Node.js (purely server-side JavaScript) uses a limited number of threads to serve requests, usually just one.

In conclusion, it would be nice to have a graph analyzing server performance showing how much CPU and memory is being used.

  • 1

    I posted the log.

  • I found a reference on a thread per request, so I'll update my answer a little more. Maybe this halt in serving requests between 10:20 and 11:20 is a server self-preservation strategy; I need to check this.

  • 1

    What should I look at in the server history? Memory usage? CPU? Since the log did not register?

  • Yes, I suggest exactly that. I found an article in English talking about the difficulty of solving this problem. Another possibility to solve the problem is to use a Node.js-like strategy, where there are a limited number of threads available to respond to requests, but I don't remember if it is possible to configure this in Apache (I believe it is).

  • I just found the Server Fault community, part of the Stack Exchange family. I found a question about error 408. Maybe it's interesting to dig a little deeper.
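
One way to confirm from the log itself the pattern the question describes (a run of 408 responses followed by a silent period), as an added example that is not part of the original question, answer or comments. The sample lines, addresses and date are constructed, and the 10-minute gap threshold is an assumption.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache common/combined format: host ident user [time] "request" status size ...
LINE_RE = re.compile(r'^\S+ \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample (not the asker's log): 408 burst, a truncated line, then silence.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2019:10:18:05 -0300] "GET / HTTP/1.1" 200 3380
192.0.2.11 - - [12/Mar/2019:10:19:40 -0300] "-" 408 -
192.0.2.12 - - [12/Mar/2019:10:19:52 -0300] "-" 408 -
192.0.2.11 - - [12/Mar/2019:10:20:03 -0300] "-" 408 -
192.0.2.12 - - [12/Mar/2019:10:20:10 -0300] "-" 408 -
192.0.2.13 - - [12/Mar/2019:10:20
192.0.2.10 - - [12/Mar/2019:11:21:30 -0300] "GET / HTTP/1.1" 200 3380
"""

def parse(text):
    """Yield (timestamp, status) for each well-formed line; skip damaged ones."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), TIME_FMT)
        except ValueError:
            continue
        yield ts, int(m.group(2))

def analyse(text, max_gap=timedelta(minutes=10)):
    """Return (408 count per minute, list of (last_seen, next_seen) silences)."""
    per_minute, gaps, prev = Counter(), [], None
    for ts, status in sorted(parse(text)):
        if status == 408:
            per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
        if prev is not None and ts - prev > max_gap:
            gaps.append((prev, ts))
        prev = ts
    return per_minute, gaps

if __name__ == "__main__":
    counts, gaps = analyse(SAMPLE_LOG)
    for minute, n in sorted(counts.items()):
        print(f"{minute}  408 x {n}")
    for start, end in gaps:
        print(f"no entries from {start:%H:%M:%S} to {end:%H:%M:%S} ({end - start})")
```

Comparing the reported gap with CPU and memory graphs for the same window shows whether the silence lines up with resource exhaustion.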
