Mailing List Archive: Cherokee: users

cherokee and slowloris

1 2

View All

Index | Next | Previous | View Threaded

info at pcintelligence

Jun 28, 2009, 8:01 AM

Post #26 of 33 (381 views)
Permalink

Re: cherokee and slowloris [In reply to]

Stefan de Konink wrote:
> Michiel van Es wrote:
>> Stefan de Konink wrote:
>>> Michiel van Es wrote:
>>>> Stefan de Konink wrote:
>>>>> Michiel van Es wrote:
>>>>>> Stefan de Konink wrote:
>>>>>>> Michiel van Es wrote:
>>>>>>>> I can remove the yum version by rpm -e cherokee but I don't think it
>>>>>>>> will provide me the upgrade script?
>>>>>>> There is nothing to upgrade between .11 -> .19; I just checked it.
>>>>>> So it could/should use my native cherokee.conf right?
>>>>> ...but in that config are also paths... that might have to be updated.
>>>> ah perhaps that went wrong..I also will try the build without a prefix.
>>> Then it will end up in /usr/local...
>> That is ok..I think I have to rewrite some things.
>> But why isn'tit reading the virtual hosts in my cherokee.conf?
>> hmmm strange..
>
> Mostlikely because it uses a different configuration file then you expect.

It was the admin interface which was using the wrong files.
But I am still seeing the same problem with the fedora epel rpm version.
503 Service Unavailable

I think it is bceause of the php_cgi handler?
When I first start the slowloris.pl script it gives me the 503 Service
Unavailable error but evenutally it will calm down and my website is
responding normally.

>
> Stefan
Michiel
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 8:17 AM

Post #27 of 33 (379 views)
Permalink

Re: cherokee and slowloris [In reply to]

Michiel van Es wrote:
>
> Stefan de Konink wrote:
>> Michiel van Es wrote:
>>> Stefan de Konink wrote:
>>>> Michiel van Es wrote:
>>>>> Stefan de Konink wrote:
>>>>>> Michiel van Es wrote:
>>>>>>> Stefan de Konink wrote:
>>>>>>>> Michiel van Es wrote:
>>>>>>>>> I can remove the yum version by rpm -e cherokee but I don't think it
>>>>>>>>> will provide me the upgrade script?
>>>>>>>> There is nothing to upgrade between .11 -> .19; I just checked it.
>>>>>>> So it could/should use my native cherokee.conf right?
>>>>>> ...but in that config are also paths... that might have to be updated.
>>>>> ah perhaps that went wrong..I also will try the build without a prefix.
>>>> Then it will end up in /usr/local...
>>> That is ok..I think I have to rewrite some things.
>>> But why isn'tit reading the virtual hosts in my cherokee.conf?
>>> hmmm strange..
>> Mostlikely because it uses a different configuration file then you expect.
>
> It was the admin interface which was using the wrong files.
> But I am still seeing the same problem with the fedora epel rpm version.
> 503 Service Unavailable
>
> I think it is bceause of the php_cgi handler?
> When I first start the slowloris.pl script it gives me the 503 Service
> Unavailable error but evenutally it will calm down and my website is
> responding normally.

Second test shows that the server is not accepting any new connections
at all..for me it seems Slowloris is working on my cherokee server
(0.99.11 and 0.99.19).
I think it is the php handler which can not accepts any more connections
or am I seeing something wrong?

>
>> Stefan

Michiel
> _______________________________________________
> Cherokee mailing list
> Cherokee [at] lists
> http://lists.octality.com/listinfo/cherokee
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 8:25 AM

Post #28 of 33 (380 views)
Permalink

Re: cherokee and slowloris [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
> Second test shows that the server is not accepting any new connections
> at all..for me it seems Slowloris is working on my cherokee server
> (0.99.11 and 0.99.19).
> I think it is the php handler which can not accepts any more connections
> or am I seeing something wrong?

If you configure the maximum amount of connections php-cgi can handle
too low, you basically exhaust your resources as any other 'dos' will do.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHi2cACgkQYH1+F2Rqwn33nACdGfXRTS8K/ZFUNDuxKIUAL/yH
MokAnRTJ+cFnMepcVf9bgZ19V5WfoOkK
=ZyEF
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 8:29 AM

Post #29 of 33 (381 views)
Permalink

Re: cherokee and slowloris [In reply to]

Stefan de Konink wrote:
> Michiel van Es wrote:
>> Second test shows that the server is not accepting any new connections
>> at all..for me it seems Slowloris is working on my cherokee server
>> (0.99.11 and 0.99.19).
>> I think it is the php handler which can not accepts any more connections
>> or am I seeing something wrong?
>
> If you configure the maximum amount of connections php-cgi can handle
> too low, you basically exhaust your resources as any other 'dos' will do.

But shouldn't cherokee stop the connections? I mean..I did not get this
problems with Nginx.
I have it set at 7 but I think you're telling me there is no setting for
php_cgi because slowloris floods the connections right?

>
>
> Stefan
Michiel
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 9:33 AM

Post #30 of 33 (378 views)
Permalink

Re: cherokee and slowloris [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
>
> Stefan de Konink wrote:
>> Michiel van Es wrote:
>>> Second test shows that the server is not accepting any new connections
>>> at all..for me it seems Slowloris is working on my cherokee server
>>> (0.99.11 and 0.99.19).
>>> I think it is the php handler which can not accepts any more connections
>>> or am I seeing something wrong?
>> If you configure the maximum amount of connections php-cgi can handle
>> too low, you basically exhaust your resources as any other 'dos' will do.
>
> But shouldn't cherokee stop the connections? I mean..I did not get this
> problems with Nginx.

What do you think the 503 means? Has Nginx a turbo button that suddenly
powers an afterburner and start to process requests at lightspeed?

> I have it set at 7 but I think you're telling me there is no setting for
> php_cgi because slowloris floods the connections right?

As in 7 children? Slowloris doesn't flood, slowloris keeps the
collections open. PHP is fast enough to process the request afaics.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHm3YACgkQYH1+F2Rqwn3kkgCeMkRNAivhaKPtigFRN7uRgsVM
fO0AniLIbR2u5iEaAETU9lwCdggMMf2R
=d0nW
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 11:36 AM

Post #31 of 33 (387 views)
Permalink

Re: cherokee and slowloris [In reply to]

On 6/28/09 6:33 PM, Stefan de Konink wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Michiel van Es wrote:
>> Stefan de Konink wrote:
>>> Michiel van Es wrote:
>>>> Second test shows that the server is not accepting any new connections
>>>> at all..for me it seems Slowloris is working on my cherokee server
>>>> (0.99.11 and 0.99.19).
>>>> I think it is the php handler which can not accepts any more connections
>>>> or am I seeing something wrong?
>>> If you configure the maximum amount of connections php-cgi can handle
>>> too low, you basically exhaust your resources as any other 'dos' will do.
>> But shouldn't cherokee stop the connections? I mean..I did not get this
>> problems with Nginx.
>
> What do you think the 503 means? Has Nginx a turbo button that suddenly
> powers an afterburner and start to process requests at lightspeed?
>

I am just telling you what I observed..not saying this one is better
then the other one.

>> I have it set at 7 but I think you're telling me there is no setting for
>> php_cgi because slowloris floods the connections right?
>
> As in 7 children? Slowloris doesn't flood, slowloris keeps the
> collections open. PHP is fast enough to process the request afaics.

Something is breaking though..

thread.c:1331: WARNING: Run out of file descriptors!!
thread.c:1331: WARNING: Run out of file descriptors!!
thread.c:1331: WARNING: Run out of file descriptors!!

>
>
> Stefan

Michiel
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEAREKAAYFAkpHm3YACgkQYH1+F2Rqwn3kkgCeMkRNAivhaKPtigFRN7uRgsVM
> fO0AniLIbR2u5iEaAETU9lwCdggMMf2R
> =d0nW
> -----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

stefan at konink

Jun 28, 2009, 11:39 AM

Post #32 of 33 (381 views)
Permalink

Re: cherokee and slowloris [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Michiel van Es wrote:
>> Something is breaking though..
>
>> thread.c:1331: WARNING: Run out of file descriptors!!
>> thread.c:1331: WARNING: Run out of file descriptors!!
>> thread.c:1331: WARNING: Run out of file descriptors!!

What was the maximum amount of file descriptors you have allocated
system wide (or specified for cherokee). Rough estimation is that you
can have half of the available fds as clients at the same time.

Stefan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkpHuNkACgkQYH1+F2Rqwn1mSACfZXd8NDP6FXH2d3Iz5Kv7KbED
SEsAmwRaJ8mgHXrwVzsi4k7mniZkErxq
=3KNL
-----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

info at pcintelligence

Jun 28, 2009, 11:40 AM

Post #33 of 33 (379 views)
Permalink

Re: cherokee and slowloris [In reply to]

On 6/28/09 8:39 PM, Stefan de Konink wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Michiel van Es wrote:
>>> Something is breaking though..
>>> thread.c:1331: WARNING: Run out of file descriptors!!
>>> thread.c:1331: WARNING: Run out of file descriptors!!
>>> thread.c:1331: WARNING: Run out of file descriptors!!
>
> What was the maximum amount of file descriptors you have allocated
> system wide (or specified for cherokee). Rough estimation is that you
> can have half of the available fds as clients at the same time.

I think it is the default:

support via libssl, IPv6 enabled, using epoll, 1024 fds system limit, max.
504 connections, caching I/O, 20 threads, 25 connections per thread,
standard scheduling policy
3703

>
>
> Stefan

Michiel
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEAREKAAYFAkpHuNkACgkQYH1+F2Rqwn1mSACfZXd8NDP6FXH2d3Iz5Kv7KbED
> SEsAmwRaJ8mgHXrwVzsi4k7mniZkErxq
> =3KNL
> -----END PGP SIGNATURE-----
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee

1 2

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads