[ic] mod_interchange and Apache MaxClients
Ron Phipps
rphipps at reliant-solutions.com
Sun Nov 20 13:12:03 EST 2005
> From: interchange-users-bounces at icdevgroup.org
[mailto:interchange-users-
> bounces at icdevgroup.org] On Behalf Of John1
> Sent: Sunday, November 20, 2005 5:56 AM
>
> On Sunday, November 20, 2005 1:30 PM, list_subscriber at yahoo.co.uk
wrote:
>
> > Number of TCP and UDP connections for each IP, grouped by state
> > 3 our_website's_IP CLOSE_WAIT
> > 3 our_website's_IP FIN_WAIT2
> > 10 hackers_IP CLOSE_WAIT
> >
> > There were also another 6 connections where the foreign
> > address was actually the same as local address i.e. both were the IP
> > address
> > of the website - I am not sure why localhost would have a connection
> open
> > to
> > itself - I am intrigued, but I am sure it is not relevant to the
server
> > going down.
> >
> Ahh yes, I have just realised that the connections from localhost will
be
> Ron's "check if site is up" script which runs every minute as a cron
job.
>
> BTW, I have noticed that Apache 1.3.34 has recently been released to
fix a
> security flaw:
>
> "If a request contains both Transfer-Encoding and Content-Length
headers,
> remove the Content-Length, mitigating some HTTP Request
Splitting/Spoofing
> attacks."
>
> Could this be related to the website hanging?
>
> "mitigating some HTTP Request Splitting/Spoofing attacks" - I am not
sure
> exactly what this means - is it a "must do/urgent" upgrade? Thanks
If we have the same issue then 1.34 will not resolve the problem. We
have seen the site go down both with 1.33 and 1.34. At first I thought
it was 1.34 causing the problem since we upgraded that a few weeks ago,
but I downgraded and still had the issue.
-Ron
More information about the interchange-users
mailing list