In an attempt to keep things moderately under control on en, I've installed mod_throttle onto larousse's apache: http://www.snert.com/Software/mod_throttle/
It's still slow, but load has dropped from 20-60 range to 2ish-5ish, which is rather more comfortable: when I try to do something on the server, I don't have to wait several minutes for it to finish processing my ssh login!
The docs for mod_throttle are very vague and short on real-world examples, so this could be the worst configuration ever. I'm open to suggestions if anyone's got more of a clue than me...
[brion@larousse conf]$ cat throttle.conf
<IfModule mod_throttle.c>
# 'Idle' should delay connections rather than refuse them.
# It's not clear how it reacts to images etc.
# 5-second minimum within 60-second period?
ThrottleClientIP 1024 Idle 5 60
ThrottleMaxDelay 20

# 'Document' theoretically ignores images, stylesheets,
# and such. If more than the max # of requests is grabbed
# within the cutoff period, you're denied with a 503 until
# the time period runs out.
# This isn't very elegant, but it may work...

# 10 requests per minute?
#ThrottleClientIP 1024 Document 10 60

# 10 requests per minute, sustained for two minutes?
#ThrottleClientIP 1024 Document 20 120
</IfModule>
Status info:
http://larousse.wikipedia.org/throttle-status
http://larousse.wikipedia.org/throttle-client-ip (doesn't work)
-- brion vibber (brion @ pobox.com)
On Tue, 2003-09-09 at 18:04, Brion Vibber wrote:
> In an attempt to keep things moderately under control on en, I've installed mod_throttle onto larousse's apache: http://www.snert.com/Software/mod_throttle/
I'm slightly suspicious that mod_throttle may have been a culprit in the recent webserver croakings. Who knows...
Anyway I've changed the configuration again, trying to find a more appropriate setting... I've set it to 'Document' mode, which instead of steadily increasing delays on connections immediately returns a 503 'Service Unavailable' error. In theory at least it shouldn't count stylesheets, images etc in its counts of how many connections you're making.
The current setting is:
ThrottleClientIP 1024 Document 20 60

which:
* keeps track of up to 1024 ip addresses at a time
* has a timeout period of 60 seconds
* cuts you off after 20 page requests (waiting an average of 3 seconds between requests should let you go infinitely)
If you hit the limit, you see this error message: http://www.wikipedia.org/503.html
I don't know if a hard cutoff like this is worse or better, but at least it's less *mysterious* than just a really really slow server.
If anyone's hitting the limit more frequently than they think they should in regular usage, please say something. (Note that random pages, page saves, and 'go' searches will count double, because you get redirected from one page to another).
-- brion vibber (brion @ pobox.com)
On Sat, 2003-09-13 at 14:27, I wrote:
> If anyone's hitting the limit more frequently than they think they should in regular usage, please say something.
Angela says she's hitting the limit awful often. I've changed it from 20 hits in 60 seconds to 50 hits in 100 seconds.
-- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org
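
A small model of the 'Document' policy discussed in this thread, added here as an example; it is not mod_throttle's code and not part of the original messages. It compares the 20/60 and 50/100 settings for a single client, including the redirects that count double. Assumptions: the window starts at a client's first counted request, denied requests still count, the oldest IP is dropped when the table is full, and the class, function names and the 192.0.2.1 address are made up for illustration.

```python
from collections import OrderedDict

class DocumentThrottle:
    """Per-IP fixed-window limiter modelled on the thread's description of
    'ThrottleClientIP <slots> Document <limit> <period>'. Assumed model."""

    def __init__(self, slots, limit, period):
        self.slots, self.limit, self.period = slots, limit, period
        self.clients = OrderedDict()          # ip -> [window_start, hits]

    def request(self, ip, now, is_page=True):
        """Return the HTTP status for one request at time `now` (seconds)."""
        if not is_page:                       # images, stylesheets: not counted
            return 200
        entry = self.clients.get(ip)
        if entry is None or now - entry[0] >= self.period:
            entry = [now, 0]                  # new client, or the period ran out
        self.clients[ip] = entry
        self.clients.move_to_end(ip)
        if len(self.clients) > self.slots:    # assumption: oldest IP is dropped
            self.clients.popitem(last=False)
        entry[1] += 1                         # assumption: denied hits count too
        return 503 if entry[1] > self.limit else 200


def denied_views(limit, period, views, gap, redirect=False):
    """Count page views that see a 503 when one client loads `views` pages
    `gap` seconds apart; redirect=True costs two counted requests per view."""
    throttle = DocumentThrottle(1024, limit, period)
    denied = 0
    for i in range(views):
        hits = 2 if redirect else 1
        statuses = [throttle.request("192.0.2.1", i * gap) for _ in range(hits)]
        denied += 503 in statuses
    return denied


if __name__ == "__main__":
    for limit, period in [(20, 60), (50, 100)]:   # the two settings in the thread
        for gap in (3, 2):
            print(limit, period, f"gap={gap}s",
                  "plain:", denied_views(limit, period, 100, gap),
                  "redirecting:", denied_views(limit, period, 100, gap, True))
```

In this model a reader pacing at 3 seconds per page never hits the 20/60 limit, while the same pace with a redirect on every view loses half of its views to 503s, which is the double-counting effect the second message warns about.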