DoS protection strategies
olivier.bonvalet at daevel.net
Tue Apr 18 20:05:05 BST 2006
Ken Brownfield wrote:
> On Apr 18, 2006, at 11:41 AM, Roberto Nibali wrote:
>> Only on a really badly configured web server or maybe a 486 machine
>> :). Otherwise this does not hold. Every web server will handle at
>> least 1000 concurrent TCP connections easily. After that you need
>> some ulimit or epoll tweaking.
> I agree that the ~1,000 simultaneous connection count is indeed the
> general breaking point for select()- or poll()-based web servers (in
> my experience), and epoll() is a much better solution as you say.
> But Apache will not handle 1,000 simultaneous connections unless you
> have 4GB of RAM, you're on a 32-bit platform, and you have every
> feature turned off. And then only if you don't want any disk
> buffer/cache. :)
> With typical application server support (e.g., mod_php), Apache will
> not reach 1000 processes without something like 8-16G of RAM. I've
> never been able to set MaxClients above 200... Copy-on-write only
> goes so far.
Strange, on one of my servers (Athlon 64, Debian Sarge AMD64, 1.5 GB RAM)
I handle about 800 / 900 simultaneous connections (without keepalived),
with Apache 2, mod_php 4 and eAccelerator... and I'm far from being an