|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now! |
|
#1
September 10th, 2001, 03:45 PM
|
|||
|
|||
Security issue with apache
Hello,
I am very new to Apache administration, and am looking for some feedback on what I think is a security issue. I have been frequently dealing with httpd maxing out at well over 100 threads, bringing my system to a near standstill. My error log confirms that apache is being maxed out, but also turns up some wierd stuff. Actually, when httpd does max out, the error log pumps out pages of this: httpd in free(): warning: recursive call. I have looked around to find an explination for this warning, and have come up empty handed. Any ideas? Further, the server has been attacked in the past with someone running some sort of "hammer" script on selected pages. Is there away of protecting apache from such types of attacks? Any thoughts is greatly appreciated. Regards, Michael FYI: I am running FreeBSD 4.1.1-STABLE Apache Version Apache/1.3.17 Apache Release 10317100 Apache API Version 19990320 User/Group nobody(65534)/65534 Max Requests Per Child: 30 Keep Alive: on Max Per Connection: 100 Timeouts Connection: 300 Keep-Alive: 15 Server Root /usr/local/apache Loaded Modules mod_perl, mod_php4, mod_setenvif, mod_auth, mod_access, mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_config, mod_env, http_core
|
|
#2
September 10th, 2001, 08:33 PM
|
|||
|
|||
|
>> httpd in free(): warning: recursive call
This appears to be a bug in mod_perl. Do a search in google to find out more. If you are running FreeBSD, don't even install perl 5.6.0, stick with 5.005_03. FreeBSD relies on Perl heavily and there are way too many issues need to be resolved before they will upgrade to 5.6.0. >> Is there away of protecting apache from such types of attacks? Trust no one and don't host for others. To minimize the damage, limit the number of max memory use. Start here -> http://httpd.apache.org/docs/mod/core.html#rlimitmem
|
|
#3
September 10th, 2001, 09:00 PM
|
|||
|
|||
|
Thanks for the reply. I am running:
This is perl, version 5.005_03 built for i386-freebsd What makes you think that httpd in free(): warning: recursive call has to do with mod perl? Also, I have been getting another similar error: httpd in malloc(): warning: recursive call. What do you make of this? Thanks for the tip on mod_core.  Regards, Michael Quote:
|
|
#4
September 10th, 2001, 09:09 PM
|
|||
|
|||
|
>> What makes you think that httpd in free(): warning: recursive call has to do with mod perl?
Searched google as well as Apache mailing list and that came up with a known bugs in mod_perl. Needless to say, you can also do a search yourself.
|
|
#5
September 11th, 2001, 01:50 AM
|
||||
|
||||
|
Just a note,
maybe you already know that malloc(), is a function that ley you allocate dynamic memory free(), is a function that let you 'deallocate' or better free the dynamic memory block allocated with malloc As I said this will note help you, but think interesting to say.
|
|
#6
September 12th, 2001, 09:58 AM
|
|||
|
|||
|
pippo,
thanks for the note. It helps allot. Regards, Michael Quote:
|
|
| Viewing: Dev Shed Forums > System Administration > Apache Development > Security issue with apache |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
