LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-02-2003, 01:41 PM   #1
tarballed
Member
 
Registered: Jun 2002
Distribution: RH, FC, FreeBSD,OpenBSD
Posts: 326

Rep: Reputation: 30
Apache: limiting the number of processes that start up


Good morning everyone.

Im new to Apache and have a couple of quick questions.
What im trying to figure out is how to limit the number of processes that start up with apache...

Im running a server with mailman on it. The server is internal so nobody needs to access the web interface except myself. With that in mind, I figure I could limit the number of processes to 2 or 3..

Looking at httpd.conf, I found this line:

Code:
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
StartServers       8
MinSpareServers    5
MaxSpareServers   20
MaxClients       150
MaxRequestsPerChild  1000
</IfModule>
The line with StartServers starts 8 httpd processes, correct? I could change that too whatever amount I desire, correct?

Im just trying to make sure I secure the server and not have any process running that I dont require.

Thanks everyone...
Tarballed
 
Old 09-02-2003, 04:31 PM   #2
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Decreasing the amout of servers started doesn't affect security. It just might affect performance, etc (depending on usage). Do you have modules which rely on the prefork mpm ? I've tried the worker mpm and I think it is quite more performant ... I have created a nice 2.0.47 configuration:

Code:
# ========================================================================
# SECTION 01:	GLOBAL CONFIGURATION
# ========================================================================
ServerAdmin		***@***.***
ServerRoot		/usr/local/webserver
ServerSignature		EMail

ErrorLog		logs/error.log
LogLevel		warn
PidFile			/var/run/apache.pid

AddDefaultCharset	ISO-8859-1
DefaultType		text/plain


	# ----------------------------------------------------------------
	# default site (displayed when IP is entered)
	# ----------------------------------------------------------------
	DocumentRoot "/var/www/default_site"

	<Location />
		php_admin_value	engine		0
	</Location>


	<Directory "/var/www/default_site">
		AddHandler		type-map var
		AddOutputFilter		Includes html
		DirectoryIndex		index.html.var
		LanguagePriority	en de
		ForceLanguagePriority	Prefer Fallback
		Options			IncludesNoExec
		Order			Allow,Deny
		Allow			from All
	</Directory>
	# ----------------------------------------------------------------


	# ----------------------------------------------------------------
	# error pages in different languages
	# ----------------------------------------------------------------
	Alias /error/ "/usr/local/webserver/data/error/"

	<Directory "/usr/local/webserver/data/error">
		AddHandler		type-map var
		AddOutputFilter		Includes html
		AllowOverride		None
		LanguagePriority 	de en es fr it nl sv
		ForceLanguagePriority	Prefer Fallback
		Options			IncludesNoExec
		Order			Allow,Deny
		Allow			from All
	</Directory>

	ErrorDocument	400	/error/HTTP_BAD_REQUEST.html.var
	ErrorDocument	401	/error/HTTP_UNAUTHORIZED.html.var
	ErrorDocument	403	/error/HTTP_FORBIDDEN.html.var
	ErrorDocument	404	/error/HTTP_NOT_FOUND.html.var
	ErrorDocument	405	/error/HTTP_METHOD_NOT_ALLOWED.html.var
	ErrorDocument	408	/error/HTTP_REQUEST_TIME_OUT.html.var
	ErrorDocument	410	/error/HTTP_GONE.html.var
	ErrorDocument	411	/error/HTTP_LENGTH_REQUIRED.html.var
	ErrorDocument	412	/error/HTTP_PRECONDITION_FAILED.html.var
	ErrorDocument	413	/error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
	ErrorDocument	414	/error/HTTP_REQUEST_URI_TOO_LARGE.html.var
	ErrorDocument	415	/error/HTTP_SERVICE_UNAVAILABLE.html.var
	ErrorDocument	500	/error/HTTP_INTERNAL_SERVER_ERROR.html.var
	ErrorDocument	501	/error/HTTP_NOT_IMPLEMENTED.html.var
	ErrorDocument	502	/error/HTTP_BAD_GATEWAY.html.var
	ErrorDocument	503	/error/HTTP_SERVICE_UNAVAILABLE.html.var
	ErrorDocument	506	/error/HTTP_VARIANT_ALSO_VARIES.html.var
	# ----------------------------------------------------------------


	# ----------------------------------------------------------------
	# modules - dynamic shared objects (DSO)
	# ----------------------------------------------------------------
	LoadModule access_module	modules/mod_access.so
	LoadModule actions_module	modules/mod_actions.so
	LoadModule alias_module		modules/mod_alias.so
	LoadModule asis_module		modules/mod_asis.so
	LoadModule auth_anon_module	modules/mod_auth_anon.so
	LoadModule auth_module		modules/mod_auth.so
	LoadModule autoindex_module	modules/mod_autoindex.so
	LoadModule cgi_module		modules/mod_cgi.so
	LoadModule cgid_module		modules/mod_cgid.so
	LoadModule deflate_module	modules/mod_deflate.so
	LoadModule env_module		modules/mod_env.so
	LoadModule expires_module	modules/mod_expires.so
	LoadModule headers_module	modules/mod_headers.so
	LoadModule imap_module		modules/mod_imap.so
	LoadModule include_module	modules/mod_include.so
	LoadModule log_config_module	modules/mod_log_config.so
	LoadModule logio_module		modules/mod_logio.so
	LoadModule mime_magic_module	modules/mod_mime_magic.so
	LoadModule mime_module		modules/mod_mime.so
	LoadModule negotiation_module	modules/mod_negotiation.so
	LoadModule php4_module		modules/libphp4.so
	LoadModule rewrite_module	modules/mod_rewrite.so
	LoadModule setenvif_module	modules/mod_setenvif.so
	LoadModule ssl_module		modules/mod_ssl.so
	LoadModule suexec_module	modules/mod_suexec.so
	LoadModule unique_id_module	modules/mod_unique_id.so
	LoadModule vhost_alias_module	modules/mod_vhost_alias.so
	# ----------------------------------------------------------------


	# ----------------------------------------------------------------
	# performance features
	# ----------------------------------------------------------------
	MaxKeepAliveRequests	100
	KeepAlive		On
	KeepAliveTimeout	015
	TimeOut			120


	<IfModule worker.c>
		StartServers		002
		MaxClients		150
		MinSpareThreads		025
		MaxSpareThreads		075
		ThreadsPerChild		025
		MaxRequestsPerChild	000
	</IfModule>


	<IfModule mod_dir.c>
		DirectoryIndex		index.html index.htm index.php
	</IfModule>

	HostnameLookups		Off
	UseCanonicalName	Off
	# ----------------------------------------------------------------


	# ----------------------------------------------------------------
	# security features
	# ----------------------------------------------------------------
	ServerTokens		ProductOnly

	User			www-data
	Group			web


		# --------------------------------------------------------
		# interfaces the server will respond to
		# --------------------------------------------------------
		Listen		***.***.***.***:80
		Listen		***.***.***.***:443
		# --------------------------------------------------------


		# --------------------------------------------------------
		# very restrictive default directory settings
		# --------------------------------------------------------
		<Directory />
			AllowOverride		None
			Options			None
			Order			Deny,Allow
			Deny			from All
		</Directory>
		# --------------------------------------------------------


		# --------------------------------------------------------
		# do not let anybody view .ht* files (.htaccess, etc)
		# --------------------------------------------------------
		<Files ~ "^\.ht"> 
			Order			Deny,Allow
			Deny			from All
		</Files>
		# --------------------------------------------------------


		# --------------------------------------------------------
		# general SSL configuration
		# --------------------------------------------------------
		<IfModule mod_ssl.c>
			SSLMutex		sem
			SSLPassPhraseDialog	builtin
			SSLSessionCache		none
			SSLSessionCacheTimeout	300
			SSLRandomSeed startup	file:/dev/urandom 1024
			SSLRandomSeed connect	file:/dev/urandom 1024
		</IfModule>
		# --------------------------------------------------------
	# ----------------------------------------------------------------




<IfModule mod_alias.c>
	# ----------------------------------------------------------------
	# icons (for directory listing)
	# ----------------------------------------------------------------
	Alias /icons/	"/usr/local/webserver/data/icons/"

	<Directory "/usr/local/webserver/data/icons">
		AllowOverride None
		Options Indexes MultiViews
		Order allow,deny
		Allow from all
	</Directory>
	# ----------------------------------------------------------------
</IfModule>



<IfModule mod_autoindex.c>
	IndexOptions		FancyIndexing versionSort
	IndexIgnore		.??* *~ *# HEADER* README* RCS CVS *,v *,t

	# ----------------------------------------------------------------
	# icons for the different file types
	# ----------------------------------------------------------------
	AddIconByEncoding	(CMP,/icons/compressed.gif)	x-compress x-gzip

	AddIconByType		(TXT,/icons/text.gif)		text/*
	AddIconByType		(IMG,/icons/image2.gif)		image/*
	AddIconByType		(SND,/icons/sound2.gif)		audio/*
	AddIconByType		(VID,/icons/movie.gif)		video/*

	AddIcon			/icons/binary.gif		.bin .exe
	AddIcon			/icons/binhex.gif		.hqx
	AddIcon			/icons/tar.gif			.tar
	AddIcon			/icons/world2.gif		.wrl .wrl.gz .vrml .vrm .iv
	AddIcon			/icons/compressed.gif		.Z .z .tgz .gz .zip
	AddIcon			/icons/a.gif			.ps .ai .eps
	AddIcon			/icons/layout.gif		.html .shtml .htm .pdf
	AddIcon			/icons/text.gif			.txt
	AddIcon			/icons/c.gif			.c
	AddIcon			/icons/p.gif			.pl .py
	AddIcon			/icons/f.gif			.for
	AddIcon			/icons/dvi.gif			.dvi
	AddIcon			/icons/uuencoded.gif		.uu
	AddIcon			/icons/script.gif		.conf .sh .shar .csh .ksh .tcl
	AddIcon			/icons/tex.gif			.tex
	AddIcon			/icons/bomb.gif			core

	AddIcon			/icons/back.gif			..
	AddIcon			/icons/hand.right.gif		README
	AddIcon			/icons/folder.gif		^^DIRECTORY^^
	AddIcon			/icons/blank.gif		^^BLANKICON^^

	DefaultIcon		/icons/unknown.gif
	# ----------------------------------------------------------------
</IfModule>



<IfModule mod_cgid.c>
	ScriptSock	logs/cgi.sock
</IfModule>



<IfModule mod_log_config.c>
	LogFormat	"%{User-agent}i" agent
	LogFormat	"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combined
	LogFormat	"%h %l %u %t \"%r\" %>s %b %I %O" common
	LogFormat	"%{Referer}i -> %U" referer
	LogFormat	"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ssl_request
</IfModule>



<IfModule mod_mime.c>
	# ----------------------------------------------------------------
	# language configuration
	# ----------------------------------------------------------------
	AddLanguage	ca	.ca
	AddLanguage	cz	.cz
	AddLanguage	da	.dk
	AddLanguage	de	.de
	AddLanguage	el	.el
	AddLanguage	en	.en
	AddLanguage	es	.es
	AddLanguage	et	.et
	AddLanguage	fr	.fr
	AddLanguage	he	.he
	AddLanguage	hr	.hr
	AddLanguage	it	.it
	AddLanguage	ja	.ja
	AddLanguage	ko	.ko
	AddLanguage	ltz	.ltz
	AddLanguage	nl	.nl
	AddLanguage	nn	.nn
	AddLanguage	no	.no
	AddLanguage	pl	.po
	AddLanguage	pt	.pt
	AddLanguage	pt-br	.pt-br
	AddLanguage	ru	.ru
	AddLanguage	sv	.se
	AddLanguage	tw	.tw
	AddLanguage	zh-tw	.tw

	LanguagePriority	de en es fr da nl et el it ja ko no pl pt pt-br ltz ca sv tw
	ForceLanguagePriority	Prefer Fallback
	# ----------------------------------------------------------------


	# ----------------------------------------------------------------
	# handlers (for file extensions)
	# ----------------------------------------------------------------
	AddHandler	cgi-script			.cgi .pl
	# ----------------------------------------------------------------


	# ----------------------------------------------------------------
	# mime types
	# ----------------------------------------------------------------
	TypesConfig	conf/mime.types

	AddEncoding	x-compress			Z
	AddEncoding	x-gzip				gz tgz

	AddType		application/x-httpd-php		.php
	AddType		application/x-httpd-php		.php3
	AddType		application/x-httpd-php		.php4
	AddType		application/x-httpd-php-source	.phps
	AddType		application/x-httpd-php		.phtml
	AddType		application/x-tar		.tgz
	AddType		image/x-icon			.ico
	# ----------------------------------------------------------------
</IfModule>



<IfModule mod_mime_magic.c>
	MIMEMagicFile	conf/magic
</IfModule>



<IfModule mod_setenvif.c>
	BrowserMatch	"Java/1\.0" force-response-1.0
	BrowserMatch	"JDK/1\.0" force-response-1.0
	BrowserMatch	"Microsoft Data Access Internet Publishing Provider" redirect-carefully
	BrowserMatch	"Mozilla/2" nokeepalive
	BrowserMatch	"MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
	BrowserMatch	"RealPlayer 4\.0" force-response-1.0
	BrowserMatch	"^WebDAVFS/1.[012]" redirect-carefully
	BrowserMatch	"^WebDrive" redirect-carefully
</IfModule>
# ========================================================================





# ========================================================================
# SECTION 02:	CONFIGURATION OF THE VIRTUAL HOSTS
# ========================================================================

	# ----------------------------------------------------------------
	# HTTP
	# ----------------------------------------------------------------

		# --------------------------------------------------------
		# Name-based virtual hosts
		# --------------------------------------------------------
		NameVirtualHost 	***.***.***.***:80
		# --------------------------------------------------------

	include conf/virtual_hosts/default_site
	include conf/virtual_hosts/http
	# ----------------------------------------------------------------


	# ----------------------------------------------------------------
	# HTTPS
	# ----------------------------------------------------------------
	<IfModule mod_ssl.c>
		include conf/virtual_hosts/https
	</IfModule>
	# ----------------------------------------------------------------
# ========================================================================
This configuration works fine :-)
 
Old 09-02-2003, 04:33 PM   #3
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
As a side note, more information about apache 2.0.47+ and the above configuration might be published at my upcoming website which may be reached at http://www.markus-welsch.de
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Limiting number of responses in MagpieRSS oneandoneis2 Linux - Software 1 06-01-2005 11:25 AM
Limiting user processes? RecoilUK Linux - Security 1 04-09-2005 02:33 PM
Limiting the number of root user accounts barleykorn Linux - General 2 03-25-2005 11:51 AM
Limiting processes not working correctly ChoKamir Linux - Security 0 01-28-2005 02:24 PM
Limiting child processes in Apache? Phaethar Linux - Software 2 11-02-2004 06:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration