RE: [users@httpd] Child processes stuck in R status

Wed, 17 Sep 2025 07:48:57 -0700 



On 2025/09/16 18:12:14 [email protected] wrote:

I'm wondering if anyone has seen this and/or how it is even possible.

We're having some issues that at least on the surface look like a
slowloris attack or variant; on the server-status page multiple child
processes appear to be stuck in R status with large seconds-since
values.


Hi,

We are seeing this too recently on one of our reverse proxy

The scoreboard is almost saturated with R requests


__R___R___R_R_RR________RRRRW_RRRRRRR_R__RR_RR_RWRRRRRRRRRRRRRRR
WRRRRRRRRWRRRRW_RR_RR_RRR__RW_RR_____WR_R____R__________R_______
________R__R__________RRRRRR_RR_RR_RRRRR_RRR_RRCRRRWRRRWRRRWW_RR
RRRRRRRRRR_RRRRRRWRRRRRWRRWRRRRRRRRRRRRRRRRRRWRWRR_WRRRRRRRRRWRR
RRRRRRWRRRRRRRRRRRRRRRRRRWRRRRRRRRRRRWRRRRRRR_RRRRRRR_RRRR_RRRRR
__RRRRRRRRRR_RRRWRRRR_RRRRRRRRRRRRRRRRRRWRRRWRRRRRRRRRWRRRRRWRRR
WRRRRRRRRRRRRR_RRWRRRRRRRRRRRRRRRRRRRRRRR__________________RRRR_
_RW__RRRRR_RR____WRR_R_RRR_RRRRRRWWRRRRRR_RRRRRRRR_R............
..G..........RRRRRRRRRRRCRRRRRRRR_RRRR___________R____RRRR_____R
R____RRRRRWRR_R_RRR_R___RRRRRRR_RRRRRRRRRR_RRRRRWRRRRRRWR_RRRRRR
W_RRRRRRRR____R_R_W__RR_RR_R__RRR___R___RWR___R____R_____R_RRRRR
RRRR_RRRRRR__RRRRRRRRRR_RRRRRRRWRRRR_RRRRR_RR______________R____
_____R_____________W______WR_______________________________R____
__________________RRRRRRRRRRRRRRRRRRRRRRRRR_____R_______________
______W__W__RR_R_____________...................................
........................................



We have changed the number of available workers in the mpm config in 
order to mitigate the saturation : 150 (default on Debian) to 1000 (now)


During this, on lot of R workers server-status shows
- the Client ip
- the VHost domain.example.com:port
- the Request GET or POST /some/path…

This apache instance use


Server Version: Apache/2.4.65 (Debian) OpenSSL/1.1.1w mod_qos/11.63
Server MPM: event


On an older apache instance serving the same type of sites


Server Version: Apache/2.4.10 (Debian) OpenSSL/1.0.1t
Server MPM: worker


We don't observe these saturations due to R workers

And in server-status the VHost and Request aren't present on R workers, 
only an ip address


What MPM are you using ?
--
Grégory Rocher

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]























					Reply via email to