----- "Craig A. James" <cja...@emolecules.com> wrote: > I have found the trigger for my horrible performance problem, but it > is surprising. > > Apache gets slow when there are too many "Allow from" directives, in > this case, about 105 "Allow from" specs that are a mix of single IP > addresses, partial IP address and netmasks:
105 allow froms shouldn't cause a 5 second delay. Are you absolutely certain that you don't have HostnameLookups set to something funny? > 11.12.13.14 > 21.22. > 21.123.0.0/16 > > ... and so forth. Note that there are *no* hostnames, just IP > addresses and netmasks so it's not a DNS lookup problem. > > This is very consistent. If we take out the "Allow from", Apache > works. If we add them back, the web site gets extremely slow. But > not for all users. Only some customers see this problem; most have > excellent performance all the time. > > When we run wireshark to analyze TCP/IP traffic with all 105 "Allow > from" in place, it starts dropping TCP/IP ACK packets and having to > resend a lot of data. When we take the "Allow from" out, the TCP/IP > communication is smooth and fast. Check if there's any DNS traffic going on that shouldn't. > Has anyone else run into this, and if so, how do you fix it? Put access control policies like this -- if they are so many -- in iptables. > This is on Apache 2.2.14 on Ubuntu 10.04. > > Thanks, > Craig i -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
