Fix a denial of service attack against mod_reqtimeout.
[Stefan Fritsch]
+ *) core: Rename MaxRequestsPerChild to MaxConnectionsPerChild, which
+ describes more accurately what the directive does. The old name
+ still works but logs a warning. [Stefan Fritsch]
+
*) mod_cache: Optionally serve stale data when a revalidation returns a
5xx response, controlled by the CacheStaleOnError directive.
[Graham Leggett]
HTTP or SNMP?
jerenkrantz says: Yawn. Who cares.
- * MaxRequestsPerChild measures connections, not requests.
- Until someone has a better way, we'll probably just rename it
- "MaxConnectionsPerChild".
-
* Regex containers don't work in an intutive way
Status: No one has come up with an efficient way to fix this
behavior. Dean has suggested getting rid of regex containers
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
-# MaxRequestsPerChild: maximum number of requests a server process serves
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+# before terminating
<IfModule mpm_prefork_module>
- StartServers 5
- MinSpareServers 5
- MaxSpareServers 10
- MaxClients 150
- MaxRequestsPerChild 0
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxClients 150
+ MaxConnectionsPerChild 0
</IfModule>
# worker MPM
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+# before terminating
<IfModule mpm_worker_module>
- StartServers 2
- MaxClients 150
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadsPerChild 25
- MaxRequestsPerChild 0
+ StartServers 2
+ MaxClients 150
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadsPerChild 25
+ MaxConnectionsPerChild 0
</IfModule>
# event MPM
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+# before terminating
<IfModule mpm_event_module>
- StartServers 2
- MaxClients 150
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadsPerChild 25
- MaxRequestsPerChild 0
+ StartServers 2
+ MaxClients 150
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadsPerChild 25
+ MaxConnectionsPerChild 0
</IfModule>
# NetWare MPM
# MinSpareThreads: Minimum number of idle threads, to handle request spikes
# MaxSpareThreads: Maximum number of idle threads
# MaxThreads: Maximum number of worker threads alive at the same time
-# MaxRequestsPerChild: Maximum number of requests a thread serves. It is
-# recommended that the default value of 0 be set for this
-# directive on NetWare. This will allow the thread to
-# continue to service requests indefinitely.
+# MaxConnectionsPerChild: Maximum number of connections a thread serves. It
+# is recommended that the default value of 0 be set
+# for this directive on NetWare. This will allow the
+# thread to continue to service requests indefinitely.
<IfModule mpm_netware_module>
ThreadStackSize 65536
StartThreads 250
MinSpareThreads 25
MaxSpareThreads 250
MaxThreads 1000
- MaxRequestsPerChild 0
+ MaxConnectionsPerChild 0
MaxMemFree 100
</IfModule>
# MinSpareThreads: Minimum number of idle threads per process,
# to handle request spikes
# MaxSpareThreads: Maximum number of idle threads per process
-# MaxRequestsPerChild: Maximum number of connections per server process
+# MaxConnectionsPerChild: Maximum number of connections per server process
<IfModule mpm_mpmt_os2_module>
- StartServers 2
- MinSpareThreads 5
- MaxSpareThreads 10
- MaxRequestsPerChild 0
+ StartServers 2
+ MinSpareThreads 5
+ MaxSpareThreads 10
+ MaxConnectionsPerChild 0
</IfModule>
# WinNT MPM
# ThreadsPerChild: constant number of worker threads in the server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
+# MaxConnectionsPerChild: maximum number of connections a server process serves
<IfModule mpm_winnt_module>
- ThreadsPerChild 150
- MaxRequestsPerChild 0
+ ThreadsPerChild 150
+ MaxConnectionsPerChild 0
</IfModule>
Use the <module>mod_status</module> output as a guide.</p>
<p>Related to process creation is process death induced by the
- <directive module="mpm_common">MaxRequestsPerChild</directive>
+ <directive module="mpm_common">MaxConnectionsPerChild</directive>
setting. By default this is <code>0</code>,
- which means that there is no limit to the number of requests
+ which means that there is no limit to the number of connections
handled per child. If your configuration currently has this set
to some very low number, such as <code>30</code>, you may want to bump this
up significantly. If you are running SunOS or an old version of
<p>When a client uses a Keep-Alive connection it will be counted
as a single "request" for the <directive module="mpm_common"
- >MaxRequestsPerChild</directive> directive, regardless
+ >MaxConnectionsPerChild</directive> directive, regardless
of how many requests are sent using the connection.</p>
</usage>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxMemFree</name>
</directivesynopsis>
-<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+<directivesynopsis location="mpm_common"><name>MaxConnectionsPerChild</name>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxSpareThreads</name>
</directivesynopsis>
</directivesynopsis>
<directivesynopsis>
-<name>MaxRequestsPerChild</name>
-<description>Limit on the number of requests that an individual child server
+<name>MaxConnectionsPerChild</name>
+<description>Limit on the number of connections that an individual child server
will handle during its life</description>
-<syntax>MaxRequestsPerChild <var>number</var></syntax>
-<default>MaxRequestsPerChild 10000</default>
+<syntax>MaxConnectionsPerChild <var>number</var></syntax>
+<default>MaxConnectionsPerChild 10000</default>
<contextlist><context>server config</context></contextlist>
<modulelist><module>mpm_netware</module>
<module>mpm_winnt</module><module>mpmt_os2</module>
<module>prefork</module><module>worker</module></modulelist>
+<compatibility>Available Apache HTTP Server 2.3.9 and later. The old name
+<code>MaxRequestsPerChild</code> ist still supported.</compatibility>
<usage>
- <p>The <directive>MaxRequestsPerChild</directive> directive sets
- the limit on the number of requests that an individual child
+ <p>The <directive>MaxConnectionsPerChild</directive> directive sets
+ the limit on the number of connections that an individual child
server process will handle. After
- <directive>MaxRequestsPerChild</directive> requests, the child
- process will die. If <directive>MaxRequestsPerChild</directive> is
+ <directive>MaxConnectionsPerChild</directive> connections, the child
+ process will die. If <directive>MaxConnectionsPerChild</directive> is
<code>0</code>, then the process will never expire.</p>
<note><title>Different default values</title>
<module>mpm_winnt</module> is <code>0</code>.</p>
</note>
- <p>Setting <directive>MaxRequestsPerChild</directive> to a
+ <p>Setting <directive>MaxConnectionsPerChild</directive> to a
non-zero value limits the amount of memory that process can consume
by (accidental) memory leakage.</p>
-
- <note><title>Note</title>
- <p>For <directive module="core">KeepAlive</directive> requests, only
- the first request is counted towards this limit. In effect, it
- changes the behavior to limit the number of <em>connections</em> per
- child.</p>
- </note>
</usage>
</directivesynopsis>
href="../misc/perf-tuning.html">performance hints</a>
documentation.</p>
- <p><directive module="mpm_common">MaxRequestsPerChild</directive>
+ <p><directive module="mpm_common">MaxConnectionsPerChild</directive>
controls how frequently the server recycles processes by killing old
ones and launching new ones. On the NetWare OS it is highly
recommended that this directive remain set to 0. This allows worker
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxMemFree</name>
</directivesynopsis>
-<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+<directivesynopsis location="mpm_common"><name>MaxConnectionsPerChild</name>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>ReceiveBufferSize</name>
</directivesynopsis>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>ListenBacklog</name>
</directivesynopsis>
-<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+<directivesynopsis location="mpm_common"><name>MaxConnectionsPerChild</name>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxMemFree</name>
</directivesynopsis>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>SendBufferSize</name>
</directivesynopsis>
-<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+<directivesynopsis location="mpm_common"><name>MaxConnectionsPerChild</name>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxSpareThreads</name>
</directivesynopsis>
must be able to read all the content that will be served, but
should have as few privileges beyond that as possible.</p>
- <p><directive module="mpm_common">MaxRequestsPerChild</directive>
+ <p><directive module="mpm_common">MaxConnectionsPerChild</directive>
controls how frequently the server recycles processes by killing
old ones and launching new ones.</p>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxMemFree</name>
</directivesynopsis>
-<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+<directivesynopsis location="mpm_common"><name>MaxConnectionsPerChild</name>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>ScoreBoardFile</name>
</directivesynopsis>
<ul>
<li>set the value of <directive module="mpm_common">
- MaxRequestsPerChild</directive> to zero</li>
+ MaxConnectionsPerChild</directive> to zero</li>
<li>set the value of <directive module="mpm_common">
MaxSpareThreads</directive> to the same value as
these directives also set the privileges which will be inherited
by CGI scripts.</p>
- <p><directive module="mpm_common">MaxRequestsPerChild</directive>
+ <p><directive module="mpm_common">MaxConnectionsPerChild</directive>
controls how frequently the server recycles processes by killing
old ones and launching new ones.</p>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxMemFree</name>
</directivesynopsis>
-<directivesynopsis location="mpm_common"><name>MaxRequestsPerChild</name>
+<directivesynopsis location="mpm_common"><name>MaxConnectionsPerChild</name>
</directivesynopsis>
<directivesynopsis location="mpm_common"><name>MaxSpareThreads</name>
</directivesynopsis>
<p>Therefore the "process"-management directives are different:</p>
- <p><directive module="mpm_common">MaxRequestsPerChild</directive> -
- Like the Unix directive, this controls how many requests
+ <p><directive module="mpm_common">MaxConnectionsPerChild</directive> -
+ Like the Unix directive, this controls how many connections
a worker thread will serve before exiting. The recommended default,
- <code>MaxRequestsPerChild 0</code>, causes the thread to continue servicing
+ <code>MaxConnectionsPerChild 0</code>, causes the thread to continue servicing
request indefinitely. It is recommended on NetWare, unless there is some
specific reason, that this directive always remain set to <code>0</code>.</p>
<p>The process management directives are also different:</p>
- <p><directive module="mpm_common">MaxRequestsPerChild</directive>:
- Like the Unix directive, this controls how many requests (actually,
- connections) which a single child process will serve before exiting.
+ <p><directive module="mpm_common">MaxConnectionsPerChild</directive>:
+ Like the Unix directive, this controls how many connections a single
+ child process will serve before exiting.
However, unlike on Unix, a replacement process is not instantly
- available. Use the default <code>MaxRequestsPerChild 0</code>,
+ available. Use the default <code>MaxConnectionsPerChild 0</code>,
unless instructed to change the behavior to overcome a memory leak
in third party modules or in-process applications.</p>
configurations as discussed below.</p>
<ul>
+ <li><directive>MaxRequestsPerChild</directive> has been renamed to
+ <directive module="mpm_common">MaxConnectionsPerChild</directive>,
+ which describes more accurately what it does.</li>
+
<li>The <directive module="core">DefaultType</directive>
directive no longer has any effect, other than to emit a
warning if it's used with any value other than
AP_INIT_TAKE1("PidFile", ap_mpm_set_pidfile, NULL, RSRC_CONF,
"A file for logging the server process ID"),
AP_INIT_TAKE1("MaxRequestsPerChild", ap_mpm_set_max_requests, NULL, RSRC_CONF,
- "Maximum number of requests a particular child serves before dying."),
+ "Maximum number of connections a particular child serves before "
+ "dying. (DEPRECATED, use MaxConnectionsPerChild)"),
+AP_INIT_TAKE1("MaxConnectionsPerChild", ap_mpm_set_max_requests, NULL, RSRC_CONF,
+ "Maximum number of connections a particular child serves before dying."),
AP_INIT_TAKE1("CoreDumpDirectory", ap_mpm_set_coredumpdir, NULL, RSRC_CONF,
"The location of the directory Apache changes to before dumping core"),
AP_INIT_TAKE1("MaxMemFree", ap_mpm_set_max_mem_free, NULL, RSRC_CONF,
}
/* requests_this_child has gone to zero or below. See if the admin coded
- "MaxRequestsPerChild 0", and keep going in that case. Doing it this way
+ "MaxConnectionsPerChild 0", and keep going in that case. Doing it this way
simplifies the hot path in worker_thread */
static void check_infinite_requests(void)
{
else { /* !one_process */
/* remove SIGTERM from the set of blocked signals... if one of
* the other threads in the process needs to take us down
- * (e.g., for MaxRequestsPerChild) it will send us SIGTERM
+ * (e.g., for MaxConnectionsPerChild) it will send us SIGTERM
*/
unblock_signal(SIGTERM);
apr_signal(SIGTERM, dummy_signal_handler);
break;
}
- /* Have we hit MaxRequestsPerChild connections? */
+ /* Have we hit MaxConnectionsPerChild connections? */
if (ap_max_requests_per_child) {
requests_this_child++;
if (requests_this_child > ap_max_requests_per_child) {
*
* max_requests_per_child_event:
* This event is signaled by the worker threads to indicate that
- * the process has handled MaxRequestsPerChild connections.
+ * the process has handled MaxConnectionsPerChild connections.
*
* TIMEOUT:
* To do periodic maintenance on the server (check for thread exits,
break;
}
else {
- /* MaxRequestsPerChild event set by the worker threads.
+ /* MaxConnectionsPerChild event set by the worker threads.
* Signal the parent to restart
*/
ap_log_error(APLOG_MARK, APLOG_NOTICE, APR_SUCCESS, ap_server_conf,
"Child %d: Process exiting because it reached "
- "MaxRequestsPerChild. Signaling the parent to "
+ "MaxConnectionsPerChild. Signaling the parent to "
"restart a new child process.", my_pid);
ap_signal_parent(SIGNAL_PARENT_RESTART);
break;
* translated into an ap_signal_parent(SIGNAL_PARENT_RESTART)
* call by code in service.c.
* 3. The child process calling ap_signal_parent(SIGNAL_PARENT_RESTART)
- * as a result of hitting MaxRequestsPerChild.
+ * as a result of hitting MaxConnectionsPerChild.
*
* shutdown_event
* --------------
}
/* requests_this_child has gone to zero or below. See if the admin coded
- "MaxRequestsPerChild 0", and keep going in that case. Doing it this way
+ "MaxConnectionsPerChild 0", and keep going in that case. Doing it this way
simplifies the hot path in worker_thread */
static void check_infinite_requests(void)
{
else { /* !one_process */
/* remove SIGTERM from the set of blocked signals... if one of
* the other threads in the process needs to take us down
- * (e.g., for MaxRequestsPerChild) it will send us SIGTERM
+ * (e.g., for MaxConnectionsPerChild) it will send us SIGTERM
*/
unblock_signal(SIGTERM);
apr_signal(SIGTERM, dummy_signal_handler);
return err;
}
+ if (!strcasecmp(cmd->cmd->name, "MaxRequestsPerChild")) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+ "MaxRequestsPerChild is deprecated, use "
+ "MaxConnectionsPerChild instead.");
+ }
+
ap_max_requests_per_child = atoi(arg);
return NULL;
projects / thirdparty / apache / httpd.git / commitdiff
