httpd high load
Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Eric Merkel
  2. Thursday, 11 May 2017
  3.  Subscribe via email
We've have been having trouble recently with a cpanel server where httpd stops responding or is very slow. The server is running Cloud Linux 6 and all users are caged. Normally we look at open httpd connections and find the IP(s) with the most # of connections and block them, restart httpd and the load and response goes back to normal.

Sometimes these IP's have 50-200 connections. I thought the CL should stop them at the EP (Entry Process) which we have at the default 20? I suppose they could be hitting multiple sites, but when looking at lvetop, it does not appear to be that way.

I have a few questions.

1) Are there any changes to Cloud Linux you could recommend to help with this issue?

2) Are there any changes to Apache that would help? We have turned off Keep Alives as well as increasing the number of child processes,etc. We are still running EA3.

3) Besides Apache status, top, netstat, iotop, lvetop are there any tools to figure out what sites/URL are being attacked? Most of the time it looks like various accounts on the server so it is not obvious what is getting attacked.

Thanks for any advice.

Best regards,
Eric
Rate this post:
  1. 15.05.2017 08:05:07
  2. # 1
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
0
Votes
Undo
Hi,

1. Usually we do not perform apache optimizations, but sure we can check this issue, please create support ticket. We would need some files from the time issue is happening, like saved apache fullstatus page etc. As well - cldoctor key generated with

wget -qq -O - https://www.cloudlinux.com/clinfo/cldoctor.sh|bash



2. By default CloudLinux does not limit static files but only cgi/php . If most requests are going to static files - they will stay 'connected' and not increase EP limits. You can try pushing absolutely all request into user's LVE adding wildcard to /usr/local/apache/conf/modhostinglimits.conf and restarting apache. Just please monitor it for some time as websites could be limited more often then before.

3. The main helper in this case is apache status page, just detect which site gets most connections.
  1. 17.05.2017 09:05:49
  2. # 2
Pascal Accepted Answer
Posts: 2
Joined: 17.05.2017
0
Votes
Undo
We are having exactly the same problem which started about 4 weeks ago. It has got so bad that we have asked a server optimisation specialist to check our servers. He has advised us that it may be "an issue with the later cloud Linux kernels as it does not happen on older kernels" and that he has seen that on many CL servers.

Can CL confirm if they know about this problem?

Thank you.

Pascal
  1. 17.05.2017 09:05:01
  2. # 3
Bogdan Accepted Answer
Posts: 709
Joined: 26.06.2013
0
Votes
Undo
We are not aware about such issue, but definitely we are interested sorting it out. Please create support request with https://cloudlinux.zendesk.com/hc/en-us/requests/new

Thanks.
  1. 17.05.2017 10:05:59
  2. # 4
Pascal Accepted Answer
Posts: 2
Joined: 17.05.2017
0
Votes
Undo
Hello Bogdan,

Thank you for your reply. A support ticket is already opened - #11264

Please see my latest message in that ticket.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.