tuning optimizar maxrequestworkers httpd example apache security http centos

optimizar - tuning apache server



ConfiguraciĆ³n de Apache: MaxClients alcanzados | Muchos GET desconocidos en access_log (2)

Estoy configurando un nuevo servidor apache + mysql. Tiene solo 3 sitios web y realmente no tiene mucha actividad. Lo uso principalmente para programar y probar.

El httpd.conf del servidor es este:

.... <IfModule prefork.c> StartServers 8 MinSpareServers 5 MaxSpareServers 20 ServerLimit 256 MaxClients 256 MaxRequestsPerChild 4000 </IfModule> <IfModule worker.c> StartServers 4 MaxClients 300 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule> ....

Por alguna razón, tan pronto como inicie el servidor y visite una página (incluso si es realmente básica, sin conexiones a la base de datos o lo que sea ... Entiendo esto:

[Wed Dec 11 13:59:10 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Dec 11 13:59:10 2013] [notice] Digest: generating secret for digest authentication ... [Wed Dec 11 13:59:10 2013] [notice] Digest: done [Wed Dec 11 13:59:10 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations [Wed Dec 11 13:59:25 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting

Si ejecuto "ps -ef" tan pronto como inicie el servidor, veo todos estos procesos en ejecución:

UID PID PPID C STIME TTY TIME CMD .... root 2945 1 2 14:08 ? 00:00:00 /usr/sbin/httpd apache 2947 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2948 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2949 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2950 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2951 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2952 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2953 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2954 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2955 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2956 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2957 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2958 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2959 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2960 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2961 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2962 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2963 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2964 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2965 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2966 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2967 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2968 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2969 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2970 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2971 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2972 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2973 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2974 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2975 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2976 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2977 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2978 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2979 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2980 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2981 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2982 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2983 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2984 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2985 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2986 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2987 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2988 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2989 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2990 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2991 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2992 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2993 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2994 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2995 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2996 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2997 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2998 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 2999 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3000 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3001 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3002 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3003 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3004 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3005 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3006 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3007 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3008 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3009 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3010 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3011 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3012 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3013 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3014 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3015 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3016 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3017 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3018 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3019 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3020 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3021 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3022 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3023 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3024 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3025 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3026 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3027 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3028 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3029 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3030 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3031 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3032 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3033 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3034 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3035 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3036 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3037 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3038 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3039 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3040 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3041 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3042 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3043 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3044 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3045 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3046 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3047 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3048 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3049 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3050 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3051 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3052 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3053 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3054 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3055 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3056 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3057 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3058 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3059 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3060 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3061 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3062 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3063 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3064 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3065 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3066 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3067 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3068 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3069 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3070 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3071 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3072 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3073 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3074 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3075 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3076 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3077 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3078 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3079 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3080 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd apache 3081 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3082 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3083 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3084 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3085 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3086 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3087 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3088 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3089 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3090 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3091 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3092 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3093 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3094 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3095 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3096 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3097 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3098 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3099 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3100 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3101 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3102 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3103 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3104 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3105 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3106 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3107 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3108 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3109 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3110 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3111 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3112 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3113 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3114 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3115 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3116 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3117 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3118 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3119 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3120 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3121 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3122 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3123 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3124 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3125 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3126 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3127 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3128 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3129 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3130 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3131 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3132 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3133 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3134 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3135 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3136 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3137 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3138 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3139 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3140 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3141 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3142 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3143 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3144 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3145 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3146 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3147 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3148 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3149 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3150 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3151 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3152 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3153 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3154 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3155 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3156 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3157 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3158 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3159 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3160 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3161 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3162 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3163 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3164 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3165 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3166 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3167 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3168 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3169 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3170 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3171 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3172 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3173 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3174 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3175 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3176 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3177 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3178 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3179 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3180 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3181 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3182 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3183 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3184 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3185 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3186 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3187 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3188 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3189 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3190 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3191 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3192 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3193 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3194 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3195 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3196 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3197 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3198 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3199 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3200 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3201 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd apache 3202 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd root 3203 1750 5 14:09 pts/0 00:00:00 ps -ef

Si trato de verificar el registro de acceso con "tail -f access_log" obtengo entradas non stop para acceder a sitios que nunca he visto y que no estoy alojando (?). Mi servidor solo tiene algunos sitios básicos y yo soy el que más accede a estos sitios.

172.240.255.43 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=3796694&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2864710689 HTTP/1.0" 200 5463 "http://www.sceatec.com/hardware/how-to-improve-servers-performance.html" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)" 192.169.85.121 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=5156870&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1962079223 HTTP/1.0" 200 5547 "http://www.workacumen.com/index.php?option=com_content&view=article&id=1630:Great-West-Life-Insurance-Rates-for-Women-Smokers-and-Non-Smokers&catid=4&Itemid=5" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser; .NET CLR 2.0.50727; Creative ZENcast v1.02.12; .NET CLR 3.0.04506.30)" 69.162.70.75 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/ca/6e/ef/bf/ca6eefbfc4b3e52b860e32307142dd2c.gif HTTP/1.0" 200 26598 "http://www.fitnesscareson.com/fitness-factory/fitness-jobs/choosing-the-beauty-salons-in-san-francisco-6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Alexa Toolbar)" 192.169.85.99 - - [11/Dec/2013:14:15:19 +0000] "GET http://ak1.abmr.net/is/pixel.mathtag.com?U=/misc/img&V=3-1xWPO+glnAYtvOljCBLqFpimxCqp%2fbcnElHRB%2fCXRbsOSOHvsVBgEQ%3d%3d&I=25B80927125D326&D=mathtag.com&01AD=1&mt_id=0&mt_adid=0&mop_seq=0:1&mt_cb=117628&mop_top= HTTP/1.0" 302 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5151124&pub_url=salebusinessidea.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=1561726732" "Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)" 46.55.23.55 - - [11/Dec/2013:14:15:19 +0000] "GET http://web1.exactseek.com/webclient/?query=fjxg+/threads/&start=5&offset=80&lang=ENG HTTP/1.0" 200 27274 "http://web1.exactseek.com/" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16" 216.245.216.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://b.scorecardresearch.com/b?c1=8&c2=6035610&rn=0.34418662962084006&c7=http%3A%2F%2Fads.yahoo.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D5151124%26pub_url%3Dsalebusinessidea.com%26_msd%3D1%26_xcf%3D0%26rmxbkn%3D0%26_cbv%3D4057802456&c3=30032779&c4=234558859&c5=114925099&c6=%25m&c10=18971014219&c15=&c16=&c8=&c9=http%3A%2F%2Fwww.salebusinessidea.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D333%3AIdeas-for-Creative-Brainstorming--%26catid%3D174%26Itemid%3D83&cv=1.8 HTTP/1.0" 204 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5151124&pub_url=salebusinessidea.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=4057802456" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)" 23.19.79.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/get-user-id?ver=2&s=5133289&ts=1386771312&sig=96b66e7aa45d6484 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5133289&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2176781951" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; Deepnet Explorer)" 192.169.85.194 - - [11/Dec/2013:14:15:18 +0000] "GET http://ad.doubleclick.net/adj/N7384.137772.MAXPOINTINTERACTIVE/B7845858.4;sz=728x90;click=http://mpc.mxptint.net/9S1SE5696B23S1090S5E02S2D8S5ASC89SBDF_5174C7F6_819009SDF_5174C7FB_19EB91%3fhttp://r.mxptint.net%3f;ord=5393202 HTTP/1.0" 200 7573 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=3698931&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=891089422" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727)" 69.147.233.50 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/fb/a8/7f/c7/fba87fc7f7a0335ef9033c4f717d7bb3.png HTTP/1.0" 200 18820 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=4311038&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=445943840" "Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.11) Gecko/20080118 Firefox/2.0.0.11" 192.169.85.52 - - [11/Dec/2013:14:15:18 +0000] "GET http://ads.yahoo.com/imp?_cbv=1420241591&_msd=1&_xcf=0&Z=0x0&y=29&rmxbkn=0&s=5081065&_salt=0&B=12&m=2&H=&u=http%3A%2F%2Fwww.makemasterfinance.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D1540%3ABuy-Car-Insurance-Online%3A-Obtaining-Quotes-and-Comparisons%26catid%3D4%26Itemid%3D5&M=5&r=1 HTTP/1.0" 200 958 "http://www.makemasterfinance.com/index.php?option=com_content&view=article&id=1540:Buy-Car-Insurance-Online:-Obtaining-Quotes-and-Comparisons&catid=4&Itemid=5" "Opera/9.80 (X11; Linux i686; U; ja) Presto/2.7.62 Version/11.01" 172.240.255.35 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=pop&ad_size=0x0&section=3796694&banned_pop_types=29&pop_times=1&pop_frequency=0&pub_url=www.sceatec.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=381351163 HTTP/1.0" 200 5200 "http://www.sceatec.com/hardware/hp-c7975a-lto5-huge-capacity-compatible-protected-media-cartridge.html" "Opera/9.24 (Windows NT 5.1; U; tr)" 192.169.85.86 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/get-user-id?ver=2&s=5167806&ts=1386771294&sig=cd794b3708a1bd0b HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5167806&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=4177140593" "Mozilla/4.7 [en] (Win98; I)" 23.19.58.228 - - [11/Dec/2013:14:15:19 +0000] "GET http://pixel.mathtag.com/sync/js?01AD=3qniaWcOZKiAgKJ1xmCiuoQQpEZBJYda9WXoBVp85E3l9lKH-WSWsUw&01RI=ED8AB17483CAF35&01NA=na&sync=auto&mt_lim=1 HTTP/1.0" 200 195 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5159500&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=480249027" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98; Alexa Toolbar)" 173.208.83.84 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=2105678712&_msd=1&_xcf=0&Z=300x250&u=learnabouttrip.com&rmxbkn=0&s=5141599&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Flearnabouttrip.com%2Findex.php%2Ftourist-definition%2F1324-tourism-in-zimbabwe&M=3&r=1 HTTP/1.0" 200 1008 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=5141599&pub_url=learnabouttrip.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=2105678712" "Mozilla/5.0 (Linux i686; U; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.51" 23.19.79.116 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=203356319&_msd=1&_xcf=0&Z=160x600&rmxbkn=0&s=5133289&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Fsuperwomenhealth.com%2Findex.php%2Fkids-health%2F2554-fresh-healthy-vending&u=http%3A%2F%2Fsuperwomenhealth.com%2Findex.php%2Fkids-health%2F2554-fresh-healthy-vending&M=4&r=1 HTTP/1.0" 200 1062 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=5133289&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=203356319" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)" 69.162.97.215 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=ad&ad_size=300x250&section=4890511&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2239536379 HTTP/1.0" 200 5149 "http://www.evigs.com/injury-dictionary-inqueries/medical-illness-dictionary/tips-for-learning-what-you-need-to-know-as-patient.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.694.0 Safari/534.24" 192.169.86.70 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=4411352&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1207065059 HTTP/1.0" 200 5532 "http://www.workinhouses.com/index.php?option=com_content&view=article&id=2537:Do-Hydrogen-Fuel-Conversion-Kits-Really-Work?&catid=174&Itemid=22" "Mozilla/5.0 (Windows NT 6.1; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.750.0 Safari/534.30" 69.147.233.50 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/79/fd/96/8a/79fd968aa01b830aca01612fac5b880a.gif HTTP/1.0" 200 12730 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90&section=4311038&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=3877702270" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8" 192.169.85.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://ad.doubleclick.net/adj/N7586.150834.TURN/B7621332;abr=!ie;sz=160x600;click=http://r.turn.com/r/formclick/id/VdfWUmfN5zUoLAwA4QUBAA/url/;ord=3884299047285479253 HTTP/1.0" 200 11 "http://ads.tblamnetwork.com/st?ad_type=iframe&ad_size=160x600&section=5040675&pub_url=${PUB_URL}" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)" 64.120.60.124 - - [11/Dec/2013:14:15:19 +0000] "GET http://ib.adnxs.com/seg?add=357296&t=2 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250&section=4931529&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1381802406" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 ChromePlus/1.5.2.0" 208.115.203.37 - - [11/Dec/2013:14:15:19 +0000] "GET http://ib.adnxs.com/seg?add=357277&t=2 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=336x280,300x250,250x250,180x150&section=4584406&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=3921164224" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; Alexa Toolbar)" 173.234.12.249 - - [11/Dec/2013:14:15:20 +0000] "GET http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2010001 HTTP/1.0" 200 - "http://www.newbia.net/index.php?option=com_content&view=category&layout=blog&id=24&Itemid=29&limitstart=40" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0; Alexa Toolbar)" 64.120.60.121 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=2824547489&_msd=1&_xcf=0&Z=160x600&rmxbkn=0&s=4931529&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Fhealthchurch.com%2Findex.php%2Fhealth-questions%2F3582-bluesuitmomcom&u=http%3A%2F%2Fhealthchurch.com%2Findex.php%2Fhealth-questions%2F3582-bluesuitmomcom&M=4&r=1 HTTP/1.0" 200 1060 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600&section=4931529&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2824547489" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2"

¿Algunas ideas? Estoy un poco perdido.


Finalmente pude arreglar esto ayer. El problema era que mi servidor actuaba como un proxy abierto.

Las entradas que se muestran en access_log suelen ser el resultado de clientes malintencionados que intentan explotar servidores proxy abiertos para acceder a un sitio web sin revelar su verdadera ubicación. Podrían estar haciendo esto para manipular los sistemas de anuncios de pago por clic, para agregar comentarios o spam de enlaces al sitio de otra persona, o simplemente para hacer algo desagradable sin ser detectado.

¿Cómo evité que estas solicitudes accedieran al servidor extranjero a través de mi servidor?

Primero, si no necesita ejecutar un servidor proxy, desactive mod_proxy comentando su línea LoadModule o desactivando ProxyRequests en httpd.conf. Recuerde que deshabilitar ProxyRequests no le impide utilizar un proxy inverso con la directiva ProxyPass.

No me gustó la idea de que mi servidor responda a las solicitudes de nombres de host aleatorios.

Puede configurar Apache para denegar el acceso a cualquier host que no esté configurado específicamente configurando un host virtual predeterminado:

NameVirtualHost *:80 <VirtualHost *:80> ServerName default.only <Location /> Order allow,deny Deny from all </Location> </VirtualHost> <VirtualHost *:80> ServerName realhost1.example.com ServerAlias alias1.example.com alias2.example.com DocumentRoot /path/to/site1 </VirtualHost>

Después de estos cambios, puede intentar utilizar su servidor como un proxy para acceder a otros sitios y asegurarse de que obtiene un error o contenido local de su sitio. Entre las formas de hacer esto:

Configure su navegador para usar su servidor web como su servidor proxy predeterminado y luego intente solicitar sitios extranjeros. Debería obtener solo el contenido de su sitio web como respuesta. Construir manualmente solicitudes usando telnet:

telnet yoursite.example.com 80 GET http://www.yahoo.com/ HTTP/1.1 Host: www.yahoo.com


Las dos cosas que se destacan de inmediato:

  1. Su servidor está devolviendo el código HTTP 200 para todas esas solicitudes GET. 200 significa que encontró la página para la URL. Debería devolver 404 (No encontrado) en su lugar. Su archivo index.php posiblemente esté aprobando solicitudes fuera del sitio. Mire su código, detenga eso y haga que devuelva 404s. Si esto no es solo un código mal escrito o pensado, su sitio web posiblemente se haya visto comprometido con el código insertado en index.php.

  2. Al observar las direcciones, puede tratarse de un ataque / explotación XSS que utiliza anuncios externos que utilizan su dominio para OBTENER otro sitio web / página cuando un usuario ve uno de los anuncios. Esto generalmente se hace para inflar vistas de anuncios (estafando la red publicitaria), ataques DDoS o para ocultar intentos de piratería. http://en.wikipedia.org/wiki/Cross-site_scripting