06-20-2013, 03:21 PM   #1
adumith
LQ Newbie

Registered: Feb 2013
Posts: 23

Abnormal apache behavior


Greetings friends,

I am back over here because I want to share with you a case that has given me a headache for several days.

I have a server with these features:
Code:
16GB RAM
CentOS 5  64 bits
i7 - Quad Core - 2.93 Ghz H/T
RAID-1 WS
Apache 2.2
php 5
This server is my web server. Because my website is high traffic, I configured Apache this way:
Code:
ServerTokens Prod
HostnameLookups Off
ServerSignature Off
TraceEnable Off
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 60
KeepAlive Off
MaxKeepAliveRequests 500 
KeepAliveTimeout 60 
<IfModule prefork.c>
	StartServers       26
	MinSpareServers    16
	MaxSpareServers    65
	ServerLimit      1560
	MaxClients       1300
	MaxRequestsPerChild  13000
</IfModule>
<IfModule worker.c>
	StartServers          5
	MaxClients          500
	MinSpareThreads      50
	MaxSpareThreads     150 
	ThreadsPerChild      50
	MaxRequestsPerChild  10
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule asis_module modules/mod_asis.so
LoadModule cache_module modules/mod_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
Include conf.d/*.conf
#ExtendedStatus On
User apache
Group apache
ServerAdmin root@localhost
UseCanonicalName Off
DocumentRoot "/home/www"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/home/www">
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

<IfModule mod_userdir.c>
    UserDir disable
</IfModule>
DirectoryIndex index.html index.htm index.php

AccessFileName .htaccess

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
#   MIMEMagicFile /usr/share/magic.mime
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
#EnableMMAP off
#EnableSendfile off
ErrorLog logs/error_log
LogLevel debug
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
#
ServerSignature Off
#<Directory "/var/www/icons">
#    Options Indexes MultiViews
#    AllowOverride None
#    Order allow,deny
#    Allow from all
#</Directory>
#<IfModule mod_dav_fs.c>
#    Location of the WebDAV lock database.
#    DAVLockDB /var/lib/dav/lockdb
#</IfModule>

#	ScriptAlias /cgi-bin/ "/home/www/cgi-bin/"

<Directory "/home/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz

ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddLanguage en .en
AddLanguage es .es
AddLanguage fr .fr

LanguagePriority en fr

#
ForceLanguagePriority Prefer Fallback

#AddDefaultCharset UTF-8

#AddType application/x-tar .tgz

#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz

AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

#AddHandler cgi-script .cgi

#AddHandler send-as-is asis

AddHandler type-map var

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

Alias /error/ "/home/www/error/"

<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE application/x-httpd-php application/x-httpd-fastphp application/x-httpd-eruby text/html text/plain text/css application/x-javascript
  DeflateFilterNote ratio
  DeflateCompressionLevel 7
</IfModule>


BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

<IfModule mod_disk_cache.c>
   CacheEnable disk http://www.midomain.com/uploads/
   CacheRoot /home/www/midomain.com/cache 
   CacheDefaultExpire 1200
   CacheDirLevels 5
   CacheDirLength 3
</IfModule>

<IfModule mod_mem_cache.c>
    CacheEnable mem /
    CacheDefaultExpire 300
    MCacheSize 2147483648
    MCacheMaxObjectCount 10000
    MCacheMinObjectSize 1
    MCacheMaxObjectSize 6291456
    CacheIgnoreNoLastMod On
</IfModule>

VirtualDocumentRoot /home/www/%0
VirtualScriptAlias  /home/www/%0/cgi-bin/

As you can see, I use mod_disk_cache and mod_mem_cache. The problem is that a few weeks ago I noticed that the memory cache has soared to the point that it takes almost the whole server or leaves very little available, which makes some PHP processes take too long to respond.

Could someone guide me and tell me how I can reduce that cache? I understand that htcacheclean helps with mod_disk_cache, but how can I reduce the cache generated by mod_mem_cache?

Thanks in advance;
 
06-21-2013, 01:26 AM   #2
John VV
Guru

Registered: Aug 2005
Posts: 12,602

How big is your /home partition?

ServerRoot "/etc/httpd"
-- odd location, but there should be no issue with that (default "/var/www")

DocumentRoot "/home/www"
also an odd location, but there should be no issue with that (default "/var/www/http")
But it might trigger some SE errors? Maybe.

Is there a TEMP folder in /home/www? If so, how big is it?

What is in the Apache log?
And is there anything in the SE log /var/log/selinux/ ???
Is there anything in "messages" /var/log/messages?
 
06-21-2013, 10:07 AM   #3
adumith
LQ Newbie

Registered: Feb 2013
Posts: 23

Original Poster
Hello John VV;

Thanks a lot for your reply;

Answering each of your questions:
1.- The /home/www/ is physically located on another server and is installed on the web server by NFS. At this time the partition has an available installation of 183GB and I have used only 40GB.

2 & 3.- Which one is your recommendation?

4.- No, I don't have a TEMP folder at /home/www/

5.- What exactly must I look for in the Apache log? What do you suggest?

6.- In messages there isn't anything wrong or odd, but checking the SE log I found something really odd, look at it:
Code:
Jun 16 05:41:45 myservername sshd[6827]: Invalid user a from 185.12.45.30
Jun 16 06:11:45 myservername sshd[6828]: input_userauth_request: invalid user a
Jun 16 05:41:45 myservername sshd[6827]: pam_unix(sshd:auth): check pass; user unknown
Jun 16 05:41:45 myservername sshd[6827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.12.45.30
Jun 16 05:41:45 myservername sshd[6827]: pam_succeed_if(sshd:auth): error retrieving information about user a
Jun 16 05:41:48 myservername sshd[6827]: Failed password for invalid user a from 185.12.45.30 port 35961 ssh2
Jun 16 06:11:48 myservername sshd[6828]: Received disconnect from 185.12.45.30: 11: Bye Bye
Jun 16 05:41:58 myservername sshd[6829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.12.45.30  user=root
Jun 16 05:42:00 myservername sshd[6829]: Failed password for root from 185.12.45.30 port 36854 ssh2
Jun 16 06:12:00 myservername sshd[6830]: Connection closed by 185.12.45.30
Jun 16 13:52:05 myservername sshd[23592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:08 myservername sshd[23592]: Failed password for root from 114.80.247.111 port 44918 ssh2
Jun 16 14:22:08 myservername sshd[23593]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:12 myservername sshd[23594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:14 myservername sshd[23594]: Failed password for root from 114.80.247.111 port 45551 ssh2
Jun 16 14:22:14 myservername sshd[23595]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:18 myservername sshd[23596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:20 myservername sshd[23596]: Failed password for root from 114.80.247.111 port 46179 ssh2
Jun 16 14:22:20 myservername sshd[23597]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:24 myservername sshd[23598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:27 myservername sshd[23598]: Failed password for root from 114.80.247.111 port 46740 ssh2
Jun 16 14:22:27 myservername sshd[23599]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:31 myservername sshd[23600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:32 myservername sshd[23600]: Failed password for root from 114.80.247.111 port 47382 ssh2
Jun 16 14:22:32 myservername sshd[23601]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:36 myservername sshd[23602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:39 myservername sshd[23602]: Failed password for root from 114.80.247.111 port 47913 ssh2
Jun 16 14:22:39 myservername sshd[23603]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:43 myservername sshd[23604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:44 myservername sshd[23604]: Failed password for root from 114.80.247.111 port 48555 ssh2
Jun 16 14:22:45 myservername sshd[23605]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:50 myservername sshd[23606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:51 myservername sshd[23606]: Failed password for root from 114.80.247.111 port 49103 ssh2
Jun 16 14:22:52 myservername sshd[23607]: Received disconnect from 114.80.247.111: 11: Bye Bye
Jun 16 13:52:55 myservername sshd[23608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.80.247.111  user=root
Jun 16 13:52:57 myservername sshd[23608]: Failed password for root from 114.80.247.111 port 49854 ssh2
Jun 16 14:22:58 myservername sshd[23609]: Received disconnect from 114.80.247.111: 11: Bye Bye
Thanks for any help that you can give me.

I'll be awaiting your message.
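
The failed-login lines in the log above, turned into a per-address summary (an added example, not part of the original thread): it counts `Failed password` events per source, flags bursts of guesses, and checks whether a guessing address later produced an `Accepted password`. The sample lines are constructed in the same sshd format using documentation-range addresses; the hostname `web01`, the `year` argument (syslog omits the year) and the threshold values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the sshd/syslog format shown in the post;
# addresses come from the RFC 5737 documentation ranges, hostname is made up.
SAMPLE_LOG = """\
Jun 16 05:41:48 web01 sshd[6827]: Failed password for invalid user a from 192.0.2.30 port 35961 ssh2
Jun 16 05:42:00 web01 sshd[6829]: Failed password for root from 192.0.2.30 port 36854 ssh2
Jun 16 13:52:08 web01 sshd[23592]: Failed password for root from 198.51.100.111 port 44918 ssh2
Jun 16 13:52:14 web01 sshd[23594]: Failed password for root from 198.51.100.111 port 45551 ssh2
Jun 16 13:52:20 web01 sshd[23596]: Failed password for root from 198.51.100.111 port 46179 ssh2
Jun 16 13:52:27 web01 sshd[23598]: Failed password for root from 198.51.100.111 port 46740 ssh2
Jun 16 13:52:32 web01 sshd[23600]: Failed password for root from 198.51.100.111 port 47382 ssh2
Jun 16 15:01:10 web01 sshd[24010]: Accepted password for root from 198.51.100.111 port 50122 ssh2
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def summarize(log_text, threshold=5, window=timedelta(minutes=1), year=2013):
    """Per source IP: failure count, targeted users, burst flag, later success."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ts, result, user, ip = m.groups()
            when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            events[ip].append((when, result, user))
    report = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [t for t, result, _ in evs if result == "Failed"]
        if not fails:
            continue  # only successful logins from this address
        # Sliding window: `threshold` failures inside `window` is automated guessing.
        burst = any(fails[i + threshold - 1] - fails[i] <= window
                    for i in range(len(fails) - threshold + 1))
        # A success after the first failure from the same address needs investigation.
        success = any(r == "Accepted" and t > fails[0] for t, r, _ in evs)
        report[ip] = {"failures": len(fails), "burst": burst,
                      "users": sorted({u for _, r, u in evs if r == "Failed"}),
                      "success_after_failures": success}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

On CentOS these sshd lines are written to /var/log/secure, so the file contents can be passed to `summarize` in place of `SAMPLE_LOG`.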
 
  

