[ic] mod_interchange and Apache MaxClients
John1
list_subscriber at yahoo.co.uk
Sun Nov 20 08:55:43 EST 2005
On Sunday, November 20, 2005 1:30 PM, list_subscriber at yahoo.co.uk wrote:
> Number of TCP and UDP connections for each IP, grouped by state
> 3 our_website's_IP CLOSE_WAIT
> 3 our_website's_IP FIN_WAIT2
> 10 hackers_IP CLOSE_WAIT
>
> There were also another 6 connections where the foreign
> address was actually the same as local address i.e. both were the IP
> address
> of the website - I am not sure why localhost would have a connection open
> to
> itself - I am intrigued, but I am sure it is not relevant to the server
> going down.
>
Ahh yes, I have just realised that the connections from localhost will be
Ron's "check if site is up" script which runs every minute as a cron job.
BTW, I have noticed that Apache 1.3.34 has recently been released to fix a
security flaw:
"If a request contains both Transfer-Encoding and Content-Length headers,
remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing
attacks."
Could this be related to the website hanging?
"mitigating some HTTP Request Splitting/Spoofing attacks" - I am not sure
exactly what this means - is it a "must do/urgent" upgrade? Thanks
___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
More information about the interchange-users
mailing list