On Wednesday 01 March 2006 11:09, Graham Leggett wrote: > Hi all, > > I have an httpd v2.2.0 installation that from time to time is being > DoS'ed by a burst of hits to a perl based CGI program (mt-comment.cgi > from Moveable Type). The CGIs take up tonnes of RAM, until openldap > dies, causing lots of further problems. > > Is there a mechanism within v2.2.0 to put resource limits onto CGI > programs (maximum running simultaneously, longest time in seconds to > run, that sort of thing)?
Apart from limiting the CGI programs, another approach would be to use mod_load_average to return 503 when the system as a whole is under heavy load. Refusing cleanly to run the heavy CGI scripts at all has got to be better than killing them after they've munched your resources. I don't recollect the URL, but I'm pretty sure fajita has it. -- Nick Kew