I posted a few weeks ago about high memory usage with Apache and ISPConfig: http://www.howtoforge.com/forums/showthread.php?t=51955 I believed the cause was fastcgi or poor Apache configuration. However, I have disabled a number of Apache modules, stopped using fastcgi, and limited MaxClients along with a number of other settings. About once a week, my apache processes go through the roof with memory. It happens so quickly that munin doesn't even show any spikes. One minute, everything is normal, the next minute, the graphs stop updating. At present, I fix it by running a 'killall apache2', though obviously, I don't want to do this all the time. During these 'high load' times, CPU usage is normal, and 'apache2ctl fullstatus' doesn't offer anything suspicious. Any advice?
You can try to use mod_evasive to prevent that: http://www.faqforge.com/linux/preve...-webserver-for-debian-linux-with-mod_evasive/ The parameters might have to be tweaked depending on the normal usage of your server.
I installed that mod before and had a bad experience with a lot of false positives. At this stage, I'm interested in narrowing down the exact cause of the problem. Is the high-load caused by a poorly configured website? It is legitimate spikes in traffic? Is it an attack? Once the apache processes spike, they don't return to normal unless they are killed. If the traffic was legitimate, surely apache would sort itself out? However, if there was poor code design, perhaps certain calls/connections aren't being closed properly..
I've got some more details. I have a number of apache processes which over time are stuck in the 'gracefully finishing' (shown as 'G') state. How do I avoid this?
Thank you till, you are likely right that I should use different limits. However, as I said before, I am interested in ascertaining the exact cause of the problem before I blindly install mod_evasive, and php caching options.
Apache can not decide if traffic is legit or not. Apavche handles every incomimg request, if there are too many requests (more requests then the server hradware that you use can handle), then it will cause the system too become slow or stop completely. Such DOS can be an attack or just a misconfifgured or wrongly developed internet spider. To prevent the overload of your server from a single IP, you can use mod_evasive 1) Install mod_evasive 2) Check which IP gets blocked by it any try to find out if the IP belongs to a web spider or not and lookup the requests from that IP address in the access log to see which pages were requested from there.
