[users@httpd] deny announce.php torrent requests
hi all…

i have a bit of an issue with torrent announce.php?info_hash= requests. it sure feels like some sort of dos or ddos. i have tried different ways to configure apache to drop those requests using mod_security, mod_rewrite, etc. but nevertheless i still see a lot of ESTABLISHED states that just hang there and the machine eventually gives up.

so far i have tried this:

with mod_security (within modsecurity.conf):

    SecRule REQUEST_URI "\?info_hash\=" "phase:2,id:'1002',t:none,rev:1,severity:2,log,deny,msg:'Torrent Announce Hit Detected'"

here i can see in the audit log that "Connection: closed" but i can still see all the requests in the virtual domain's log (vs the mod sec_audit log), and still see the http ESTABLISHED connections (via netstat) just lingering.

with mod_rewrite (in global context):

    RewriteEngine on
    RewriteRule ^/announce$ - [F]
    RewriteRule ^/announce\.php$ - [F]

also

    RewriteEngine On
    RewriteRule ^/announce$ - [F]
    RewriteRule ^/announce\.php$ - [F]

and within the virtual domain context:

    Order deny,allow
    Deny from all

monitoring via server-status i can still see hits to http://mydomain.com/announce.php and netstat keeps growing with ESTABLISHED states.

is all of this above wrong?! since this domain appears to be the only one affected i can eventually change that - it's for internal company use - but before i do that - why can none of the methods described above get rid of the torrent flood?

thanks…
Re: [users@httpd] CustomLog fails when piped to sed
On Thu, Mar 12, 2015 at 12:03 AM, Yann Ylavic wrote:
>
> With Apache 2.4.x, you probably have to use :
>
> CustomLog "$|/bin/sed -r s/pass/REDACTED/g >> /workplace/tmp/access.log" common

Oops, I meant "|$...", with the $ *after* the |.

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
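Added example, not part of the thread and not the posters' code: a small piped-log filter script that owns the output redirection itself, so it can be started with a plain "|" and no shell. It goes beyond the sed one-liner above by masking only the values of sensitive query parameters; the script path and the parameter names are assumptions.

```shell
#!/bin/sh
# Piped-log filter (added example): masks the values of sensitive query
# parameters before a log line reaches disk.
#
# httpd.conf usage (script path is hypothetical):
#   CustomLog "|/usr/local/bin/redact-log.sh /workplace/tmp/access.log" common

# Parameter names are assumptions; adjust to your application.
SENSITIVE_PARAMS='pass|passwd|password|token'

# redact_stream: read log lines on stdin, write redacted lines on stdout.
# Only the value after "name=" is replaced, so paths such as /bypass.html
# are left intact, unlike a bare s/pass/REDACTED/g.
# With GNU sed, adding -u avoids block-buffered (delayed) log writes.
redact_stream() {
    sed -E "s/([?&](${SENSITIVE_PARAMS})=)[^&[:space:]\"]*/\1REDACTED/g"
}

# Constructed sample lines in Common Log Format, for a quick self-check:
#   sample_lines | redact_stream
sample_lines() {
    cat <<'EOF'
192.0.2.10 - - [11/Mar/2015:23:10:00 +0000] "GET /login?user=bob&pass=hunter2 HTTP/1.1" 200 512
192.0.2.11 - - [11/Mar/2015:23:10:01 +0000] "GET /bypass.html HTTP/1.1" 200 1024
192.0.2.12 - - [11/Mar/2015:23:10:02 +0000] "GET /api?token=abc123&page=2 HTTP/1.1" 200 64
EOF
}

# When httpd starts this script as a piped logger, the first argument is
# the destination file; stdin stays open for the lifetime of the server.
if [ "$#" -ge 1 ]; then
    umask 077    # new log file readable by its owner only
    redact_stream >> "$1"
fi
```

The redaction only covers the request line written by the "common" format; secrets sent in POST bodies or headers never reach this log and are not affected by it.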
Re: [users@httpd] CustomLog fails when piped to sed
On Wed, Mar 11, 2015 at 11:10 PM, Debajit Adhikary wrote:
>
> CustomLog "|/bin/sed -r s/pass/REDACTED/g >> /workplace/tmp/access.log" common
>
> However, when I make a request to Apache, I get an error saying
>
> /bin/sed: can't read >>: No such file or directory
>
> How can I get this working? (It seems others have been able to use piped
> CustomLog like this)

With Apache 2.4.x, you probably have to use :

CustomLog "$|/bin/sed -r s/pass/REDACTED/g >> /workplace/tmp/access.log" common

Note the leading $ so that a shell is used (see http://httpd.apache.org/docs/2.4/logs.html#piped).

Regards,
Yann.
[users@httpd] CustomLog fails when piped to sed
I am trying to use a piped CustomLog to filter my logs:

httpd.conf:

CustomLog "|/bin/sed -r s/pass/REDACTED/g >> /workplace/tmp/access.log" common

However, when I make a request to Apache, I get an error saying

/bin/sed: can't read >>: No such file or directory

How can I get this working? (It seems others have been able to use piped CustomLog like this)
[users@httpd] RAM/CPU calculations when using PHP-FPM and Apache 2.4
Is this the correct process?

To determine how much RAM/CPU to provide for a VM web server, calculate the average RES value in "top" for httpd processes. Then calculate the average RES value for php-fpm processes. Then add those 2 values together. Then multiply by the max number of concurrent connections you want to be able to handle.

Example:

    12000 kb
    6640 kb
    18.640 mb X 512 MaxRequestWorkers
    ~9.6 gb

(How much RAM needed to run apache/PHP-FPM. So would add 2 GB for running system)

Then add the average CPU% in "top" for httpd processes + average CPU% for php-fpm and multiply by 512 MaxRequestWorkers.

Example:

    Httpd average cpu 4%
    Php-fpm average cpu 2%
    .06 x 512 = 30.72 cores

The RAM looks reasonable. But the cpu value is much higher than I expected.

Corrections? Constructive comments?

Thanks