|
> but seriously - do you have any logs you can post to indicate
> why you think
> it is a DOS attack? here is where a nice dual proc box setup
> with Snort
> comes in handy, maybe you have one already ;) ?
>
Hmm, found this following thread:
http://marc.theaimsgroup.com/?l=apache-modssl&m=103336922830201&w=2
This person foundout he was removing his mutex file. my ssl mutex file is
there on both the cluster and the other webserver, so that's not the
problem, but my symptoms are exactly the same. I can't belive I can't find
more info out there.
Any ideas? Especially the rate limiting stuff?
I know that before the /proc tuning, I would get the buffer space issues at
the same time as the worm attack. I think the /proc tuning prevented LVS
from having problems this time. But the outage is even worse with MON
running, because it will actually remove the RIP, and take a little while to
notice that apache is responding again. Maybe I can play around with the
mon settings.
|
