模板
教程
环境
性能
功能
管理
apache 速度爆慢的问题:MAX CLIENT 和 百度mp3搜索引擎
发表于:2007-05-25来源:作者:点击数:
标签:
我也来原创一下, 今天出现了[url=http://weblog.dalouis.com/archives/2004/07/apache_eccee.html]apache打开速度爆慢[/url]的问题。检查如下: [quote:79e7fc20a9]ping的平均时间为69ms find/-ctime1没有什么大的变动 netstat-anlp|grep80|greptcp|awk{'pri
我也来原创一下,
今天出现了[url=http://weblog.dalouis.com/archives/2004/07/apache_eclearcase/" target="_blank" >ccee.html]apache打开速度爆慢[/url]的问题。检查如下:
[quote:79e7fc20a9]ping 的平均时间为 69 ms
find /-ctime 1 没有什么大的变动
netstat -anlp | grep 80 | grep tcp | awk {'print $5'} | awk -F: {'print $1'}| sort |uniq -c | sort -nr 有将近145个httpd 的链接, 前几个的每个ip的连接数目都在 10-15左右。[/quote:79e7fc20a9]
升级apache到2.0.50
[code:1:79e7fc20a9]$ ./configure --enable-so --enable-speling --enable-rewrite --enable-ssl --with-ssl=/usr/local/ssl
$ make
$ apachectl stop
$ make install
$ apachectl start[/code:1:79e7fc20a9]
问题依然存在。 查看last 和 apache的log文件,并用SSS扫描主机,未发现侵入和漏洞。于是搜索CU上的问题,发现了[url=http://bbs.chinaunix.net/forum/viewtopic.php?t=330443]这个帖子[/url],根据里面的解释,可能是由于我的服务器的hosts太多,从而正常连接数目在不停地增大,而httpd.conf里面没有恰当设置 <strong>[url= =http://httpd.apache.org/docs-2.0/mod/mpm_common.html#maxclients]MAX CLIENT[/url]</strong> 造成的。
修改了 httpd.conf 里面的 MAX CLIENT 为 256,问题解决!
如果你要继续增加 MAX CLIENT 的数量,当你将 MAX CLIENT 设置为超过256的时候,会出现
[quote:79e7fc20a9]WARNING: MaxClients of 1250 exceeds ServerLimit value of 256 servers,
lowering MaxClients to 256. To increase, please see the [url=http://httpd.apache.org/docs-2.0/mod/mpm_common.html#serverlimit]ServerLimit[/url]
directive.[/quote:79e7fc20a9]
的错误。
查看[url=http://httpd.apache.org/docs-2.0/mod/prefork.html#minspareservers]prefork[/url] 的相关说明,将idle的进程减少了。
(因为在我的 # apachectl -l 只有 prefork.c
[quote:79e7fc20a9]MaxSpareServers 6[/quote:79e7fc20a9]
原因2 百度的 mp3 搜索器搞的鬼
[quote:79e7fc20a9]210.54.49.45 - - [13/Jul/2004:13:37:23 +0800] "GET /archives/images/jiangnan.mp3 HTTP/1.1" 206 "http://list.mp3.baidu.com/topso/9/984_tsomp3.htm" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"[/quote:79e7fc20a9]
原来是我的“江南”这首歌,被百度搜索到,不停的被下载。而且就是今天的事情。
查看流量日志
[quote:79e7fc20a9]2004年 七月 12 21 40 149 228.94 M字节
2004年 七月 13 17 25 8821 50.78 G字节 [/quote:79e7fc20a9]
所以利用阻止图片盗链的方法,在apache里面设置。
[quote:79e7fc20a9]<FilesMatch "\.(png|gif|jpg|mp3)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>[/quote:79e7fc20a9]
重启apache以后立刻速度爆增!
[quote:79e7fc20a9][Tue Jul 13 13:40:54 2004] [error] [client 61.176.103.33] client denied by server configuration: /home/kreny/mt/weblog/archives/images/jiangnan.mp3, referer: http://list.mp3.baidu.com/topso/9/984_tsomp3.htm[/quote:79e7fc20a9]
提问!
虽然阻止了下载,但是如何从tcp层上阻止这种盗链呢? 我的error以没几分钟一兆的速度爆增阿~~ 谢谢!
| HonestQiao 回复于:2004-07-13 20:38:25 |
| 可以禁止百度的阿 |
| jackieyuan 回复于:2004-07-13 21:05:35 |
| [quote:eb8ddbe9ff="HonestQiao"]可以禁止百度的阿[/quote:eb8ddbe9ff]
但是百度没有访问我阿,是从他导向我而已。 |
| wd 回复于:2004-07-13 21:11:39 |
| 败毒肯定得先访问你,才能知道你上面有什么资源吧,他如果访问不到你,那就没戏了吧 |
| jackieyuan 回复于:2004-07-13 21:15:15 |
| [quote:d07f15e62d="wd"]败毒肯定得先访问你,才能知道你上面有什么资源吧,他如果访问不到你,那就没戏了吧[/quote:d07f15e62d]噢~! 是这个意思阿~ 但是现在已经没办法了。他今天导向我的连接就有[b:d07f15e62d]189220[/b:d07f15e62d] ,而且还在不停地写error (forbidden)的日志,现在怎么阻止呢? :em06: |
| jhsea3do 回复于:2004-07-13 23:49:46 |
| 放个 robots.txt 先把
这样可以把原先被收录的叶面拿掉 |
| skylove 回复于:2004-07-14 16:28:44 |
| 我的妈呀,还好先看到了,否则以后就惨了 。。。 |
| jackieyuan 回复于:2004-07-14 16:59:54 |
| 同志们 有没有什么办法用盗链图片 的原理禁止阿~~ 我似乎禁止不了阿~ 会出现 [color=red:ccb3959ab4][size=18:ccb3959ab4][b:ccb3959ab4]206[/b:ccb3959ab4][/size:ccb3959ab4][/color:ccb3959ab4] 的代码~~
[code:1:ccb3959ab4]211.100.104.153 - - [14/Jul/2004:16:59:39 +0800] "GET /archives/images/jiangnan.mp3 HTTP/1.1" [size=18][color=red]206[/color] [/size][b]1981302[/b] "http://mydomain.com/archives/images" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"[/code:1:ccb3959ab4] 206代码啥意思阿~ 后面是不是传输的数据? 因为这个数字老是变。 [code:1:ccb3959ab4]SetEnvIfNoCase Referer "mydomain\.com" local_ref=1 SetEnvIfNoCase Referer SetEnvIfNoCase Referer "-" local_ref=1 SetEnvIf Request_URI "/favicon.ico" local_ref=0 <FilesMatch "\.(png|gif|jpg|mp3|wma)"> Order Allow,Deny Allow from env=local_ref </FilesMatch>[/code:1:ccb3959ab4] 参考 http://httpd.apache.org/docs-2.0/mod/mod_setenvif.html#setenvif http://apache-server.com/tutorials/ATimage-theft.html 现在我的log统计已经到了这种疯狂的地步了~~ [quote:ccb3959ab4]HTTP 错误码 HTTP 错误码* 文件数 百分比 字节 403 Forbidden [color=red:ccb3959ab4]472165 [/color:ccb3959ab4]84.1 % 167.27 M字节 206 Partial Content 88455 15.7 % 238.68 G字节 404 Document Not Found 680 0.1 % 241.08 K字节 416 Requested range not valid 44 0 % 19.59 K字节 301 Moved permanently (redirect) 11 0 % 4.18 K字节 [/quote:ccb3959ab4] 红色是连接数目~~ 才一天半~ 晕~ :em10: |
| skylove 回复于:2004-07-14 18:07:37 |
| 不记录error,直接丢到/dev/null行不。。。虽然。。。比较危险了点点 |
| HonestQiao 回复于:2004-07-14 22:34:41 |
| 来自于白度的连接不记录到日志里面,很简单做到的哦 |
| jackieyuan 回复于:2004-07-14 23:40:58 |
| [quote:2178e2de4e="HonestQiao"]来自于白度的连接不记录到日志里面,很简单做到的哦[/quote:2178e2de4e]老大~别吊人家胃口~说说吧~~ :em02: |
| HonestQiao 回复于:2004-07-15 09:28:56 |
| http://w.yi.org/ftp/FAPM/apache/Apache2/zh/logs.html
有条件地记录日志 许多时候,使用 环境变量 排除某些客户请求会带来便利。首先,需要用SetEnvIf指令来标识符合某种条件的请求,然后用CustomLog 指令的env=从句,来包含或者排除被记录的请求。例如: # Mark requests from the loop-back interface SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog # Mark requests for the robots.txt file SetEnvIf Request_URI "^/robots\.txt$" dontlog # Log what remains CustomLog logs/access_log common env=!dontlog 再例,记录使用英语的请求到一个日志,而记录非英语的请求到另一个日志: SetEnvIf Accept-Language "en" english CustomLog logs/english_log common env=english CustomLog logs/non_english_log common env=!english 虽然上述已经展示了有条件日志记录的强大和灵活,但这不是控制日志内容的唯一手段,还可以用日志后处理程序来剔除你不关心的内容,而使日志更有用。 |
| HonestQiao 回复于:2004-07-15 09:29:56 |
| Apache模块 mod_setenvif
说明: Allows the setting of environment variables based on characteristics of the request 状态: Base 模块名: setenvif_module 源文件: mod_setenvif.c 概要 The mod_setenvif module allows you to set environment variables according to whether different aspects of the request match regular expressions you specify. These environment variables can be used by other parts of the server to make decisions about actions to be taken. The directives are considered in the order they appear in the configuration files. So more complex sequences can be used, such as this example, which sets netscape if the browser is mozilla but not MSIE. BrowserMatch ^Mozilla netscape BrowserMatch MSIE !netscape 指令索引 BrowserMatch BrowserMatchNoCase SetEnvIf SetEnvIfNoCase 参见 Environment Variables in Apache BrowserMatch 指令 说明: Sets environment variables conditional on HTTP User-Agent 语法: BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ... 上下文: 服务器配置, 虚拟主机, 目录, .htaccess 覆盖项: FileInfo 状态: Base 模块: mod_setenvif The BrowserMatch is a special cases of the SetEnvIf directive that sets environment variables conditional on the User-Agent HTTP request header. The following two lines have the same effect: BrowserMatchNoCase Robot is_a_robot SetEnvIfNoCase User-Agent Robot is_a_robot Some additional examples: BrowserMatch ^Mozilla forms jpeg=yes browser=netscape BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript BrowserMatch MSIE !javascript BrowserMatchNoCase 指令 说明: Sets environment variables conditional on User-Agent without respect to case 语法: BrowserMatchNoCase regex [!]env-variable[=value] [[!]env-variable[=value]] ... 上下文: 服务器配置, 虚拟主机, 目录, .htaccess 覆盖项: FileInfo 状态: Base 模块: mod_setenvif 兼容性: Apache 1.2 and above (in Apache 1.2 this directive was found in the now-obsolete mod_browser module) The BrowserMatchNoCase directive is semantically identical to the BrowserMatch directive. However, it provides for case-insensitive matching. For example: BrowserMatchNoCase mac platform=macintosh BrowserMatchNoCase win platform=windows The BrowserMatch and BrowserMatchNoCase directives are special cases of the SetEnvIf and SetEnvIfNoCase directives. The following two lines have the same effect: BrowserMatchNoCase Robot is_a_robot SetEnvIfNoCase User-Agent Robot is_a_robot SetEnvIf 指令 说明: Sets environment variables based on attributes of the request 语法: SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... 上下文: 服务器配置, 虚拟主机, 目录, .htaccess 覆盖项: FileInfo 状态: Base 模块: mod_setenvif The SetEnvIf directive defines environment variables based on attributes of the request. The attribute specified in the first argument can be one of three things: An HTTP request header field (see RFC2616 for more information about these); for example: Host, User-Agent, Referer, and Accept-Language. A regular expression may be used to specify a set of request headers. One of the following aspects of the request: Remote_Host - the hostname (if available) of the client making the request Remote_Addr - the IP address of the client making the request Server_Addr - the IP address of the server on which the request was received (only with versions later than 2.0.43) Remote_User - the authenticated username (if available) Request_Method - the name of the method being used (GET, POST, et cetera) Request_Protocol - the name and version of the protocol with which the request was made (e.g., "HTTP/0.9", "HTTP/1.1", etc.) Request_URI - the resource requested on the HTTP request line -- generally the portion of the URL following the scheme and host portion without the query string The name of an environment variable in the list of those associated with the request. This allows SetEnvIf directives to test against the result of prior matches. Only those environment variables defined by earlier SetEnvIf[NoCase] directives are available for testing in this manner. 'Earlier' means that they were defined at a broader scope (such as server-wide) or previously in the current directive's scope. Environment variables will be considered only if there was no match among request characteristics and a regular expression was not used for the attribute. The second argument (regex) is a Perl compatible regular expression. This is similar to a POSIX.2 egrep-style regular expression. If the regex matches against the attribute, then the remainder of the arguments are evaluated. The rest of the arguments give the names of variables to set, and optionally values to which they should be set. These take the form of varname, or !varname, or varname=value In the first form, the value will be set to "1". The second will remove the given variable if already defined, and the third will set the variable to the literal value given by value. Example: SetEnvIf Request_URI "\.gif$" object_is_image=gif SetEnvIf Request_URI "\.jpg$" object_is_image=jpg SetEnvIf Request_URI "\.xbm$" object_is_image=xbm : SetEnvIf Referer www\.mydomain\.com intra_site_referral : SetEnvIf object_is_image xbm XBIT_PROCESSING=1 : SetEnvIf ^TS* ^[a-z].* HAVE_TS The first three will set the environment variable object_is_image if the request was for an image file, and the fourth sets intra_site_referral if the referring page was somewhere on the www.mydomain.com Web site. The last example will set environment variable HAVE_TS if the request contains any headers that begin with "TS" whose values begins with any character in the set [a-z]. 参见 Environment Variables in Apache, for additional examples. SetEnvIfNoCase 指令 说明: Sets environment variables based on attributes of the request without respect to case 语法: SetEnvIfNoCase attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ... 上下文: 服务器配置, 虚拟主机, 目录, .htaccess 覆盖项: FileInfo 状态: Base 模块: mod_setenvif 兼容性: Apache 1.3 and above The SetEnvIfNoCase is semantically identical to the SetEnvIf directive, and differs only in that the regular expression matching is performed in a case-insensitive manner. For example: SetEnvIfNoCase Host Apache\.Org site=apache This will cause the site environment variable to be set to "apache" if the HTTP request header field Host: was included and contained Apache.Org, apache.org, or any other combination |
| jackieyuan 回复于:2004-07-15 09:58:36 |
| [quote:91367a1772="HonestQiao"] ...
上下文: 服务器配置, 虚拟主机, 目录, .htaccess 覆盖项: FileInfo 状态: Base 模块: mod_setenvif 兼容性: Apache 1.3 and above The SetEnvIfNoCase is semantically identical to the SetEnvI..........[/quote:91367a1772] 现学现卖~~~ [code:1:91367a1772]######## Preventing Image 'Theft' ######## ## http://apache-server.com/tutorials/ATimage-theft.html # Images can only be fetched if they were linked to from one of your pages. # local_ref=1 or !local_ref ==> forbidden SetEnvIfNoCase Referer "fjhr\.org" local_ref=1 SetEnvIfNoCase Referer "hzmjp\.com" local_ref=1 SetEnvIfNoCase Referer "dalouis\.com" local_ref=1 SetEnvIfNoCase Referer "necktie\.gov\.cn" local_ref=1 SetEnvIfNoCase Referer "necktie\.net\.cn" local_ref=1 SetEnvIfNoCase Referer "hzboxing\.com" local_ref=1 SetEnvIfNoCase Referer "-" local_ref=1 SetEnvIf Request_URI "/images/logo(.)+" local_ref=0 SetEnvIf Request_URI "/images/snap(.)+" local_ref=0 SetEnvIf Request_URI "/images/close(.)+" local_ref=0 SetEnvIf Request_URI "/favicon\.ico" local_ref=0 SetEnvIf Request_URI "matrix\.jpg" local_ref=0 <FilesMatch "\.(png|gif|jpg)"> Order Deny,Allow Deny from all Allow from env=local_ref </FilesMatch> # Agree to play by mediaplayer or mediaplayer ONLY SetEnvIfNoCase User-Agent "RealMedia" media_ref=1 SetEnvIfNoCase User-Agent "NSPlayer" media_ref=1 SetEnvIfNoCase Request_URI "\.(mp3|wma)" is_media=1 #### My Verson #BrowserMatch "RealMedia" media_ref=0 #BrowserMatch "NSPlayer" media_ref=0 # If have been spidered by baidu or mp3searcher, you'd better rename # the file and do not use the deny. <FilesMatch "\.(mp3|wma)"> # Order Deny,Allow # Deny from all # Allow from env=media_ref </FilesMatch> ################################################### SetEnvIf Request_URI "mp3" baidu_ref=0 SetEnvIf Referer "baidu\.com" baidu_ref=0 CustomLog logs/weblog.domain.com-access_log combined env=!baidu_ref [/code:1:91367a1772] |
| jackieyuan 回复于:2004-07-16 01:21:30 |
| [quote:1cc91176dd="HonestQiao"] ...
上下文: 服务器配置, 虚拟主机, 目录, .htaccess 覆盖项: FileInfo 状态: Base 模块: mod_setenvif 兼容性: Apache 1.3 and above The SetEnvIfNoCase is semantically identical to the SetEnvI..........[/quote:1cc91176dd] 再让我们试试不用阻止,而用rewrite导向错误从而让百度从它的数据库里面删掉的方法。(如果用阻止的话,用户会误以为服务器忙,不停地连接,从而造成log文件快速增加。我就有一天增加180MB的经历。如果是404错误,flashget会直接报错。) [code:1:1cc91176dd] # If client use the Mozilla or Non-media explorer to download, then redirect # to a unavaluable file to response a 404(Not Found) error. ;) RewriteCond %{HTTP_USER_AGENT} !~/RealMedia/ [OR] RewriteCond %{HTTP_USER_AGENT} !~/NSPlayer/ [OR] RewriteRule mp3$ /error/HTTP_NOT_FOUND.html.var [Last][/code:1:1cc91176dd] 效果: 之前 1.直接下载的结果 2.在网页上用播放器放的结果 之后 1.直接下载的结果 2.在网页上用播放器放的结果 试了很多方法 用 RewriteCond %{HTTP_USER_AGENT} 也好 EnvIF 也好 BrowserMatch 也好,要么就是把 所有连接全部禁止,要么就是 全部都可以下载,请楼上版主指教~~ 到底哪里出了问题,是 rewrite的rule呢还是 ENV的问题。(rewriterule成功过~) :em16: |
| HonestQiao 回复于:2004-07-16 12:51:56 |
| 客户端的agent参数正确么? |
| HonestQiao 回复于:2004-07-16 12:55:29 |
| 还有,你最好打开了rewritelog,然后察看rewrite的匹配过程,这样子可以很好的分析结果,知道匹配了什么,匹配是否正确,匹配之后去做什么了? |
| jackieyuan 回复于:2004-07-16 13:24:22 |
| [quote:df7363400e="HonestQiao"]还有,你最好打开了rewritelog,然后察看rewrite的匹配过程,这样子可以很好的分析结果,知道匹配了什么,匹配是否正确,匹配之后去做什么了?[/quote:df7363400e]
问题解决了一部分,以下是记录 终结方法制止直接下载: [code:1:df7363400e]# If client use the Mozilla or Non-media explorer to download, then redirect # to a unavaluable file to response a 404(Not Found) error. ;) # This rule is not effective when it is written in TOP part(www.mydomain.com) RewriteCond %{HTTP_USER_AGENT} Mozilla|Flashget|Netants|Lynx RewriteRule .mp3$ /HTTP_NOT_FOUND.html [L][/code:1:df7363400e] 结果:在直接输入 mp3 地址后的 log 文件: [code:1:df7363400e]221.95.221.22 - - [16/Jul/2004:10:48:53 +0800] "GET /archives/images/queen_2004.mp3 HTTP/1.1" 404 370 "http://weblog.mydomain.com/archives/images" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)" [Fri Jul 16 10:48:53 2004] [error] [client 221.95.221.22] File does not exist: /home/kreny/mt/weblog/HTTP_NOT_FOUND.html-, referer: http://weblog.mydomain.com/archives/images [/code:1:df7363400e] 转向了首页。若改为一个不存在的页面,则可以response一个404错误了。注意:[color=red:df7363400e]rewrite必须写在每个virtual hosts 才有效![/color:df7363400e] |
| geel 回复于:2004-07-26 00:36:05 |
| 直接请求.mp3文件并且referer是baidu的直接丢掉,可以不 |
| HonestQiao 回复于:2004-07-28 12:54:40 |
| 打开rewirte的log |
| swingcoder 回复于:2004-07-29 13:57:46 |
| 用iptables不行吗? |
| bend 回复于:2004-07-30 17:00:34 |
| 我看,你们为什么不试试非apache里的东西呢?
用iptables,一句就应够了。 iptables -A INPUT -s XXXXX(baidu ip) -p tcp -j DROP |
