Solved

403 Errors if many requests within seconds

Posted on 2006-11-01
4
241 Views
Last Modified: 2012-06-27
Hello, my server is really giving me a headache!

I have a webpage with about 100 peripheral files (JS, CSS, jpg etc.)

Many site visitors have been complaining that they receive 403 errors.

If you refresh the page too quickly, you will get a 403 error ALMOST EVERY TIME.

Refresh the page 5 times in a row and you will be sure to get a 403 error.

Sometimes only half the images will load, and the others will be broken because of 403 errors.

My theory is that the server thinks that my visitors are hackers because they are making so many requests within a second.

By the way, I don't get this complaint at all from dial-up users-- the faster my visitor's high-speed connection, the more likely they are to get a 403 error.

Here are some key settings from my httpd.conf

        Timeout 300
        KeepAlive On
        MaxKeepAliveRequests 100
        KeepAliveTimeout 15
        MinSpareServers 5
        MaxSpareServers 10
        StartServers 5
        MaxClients 150
        MaxRequestsPerChild 0
        LoadModule expires_module            libexec/mod_expires.so
        LoadModule bwlimited_module           libexec/mod_bwlimited.so
        LoadModule bytes_log_module           libexec/mod_log_bytes.so
        LoadModule auth_passthrough_module      libexec/mod_auth_passthrough.so
        LoadModule evasive_module            libexec/mod_evasive.so


Please help! Thanks.
0
Comment
Question by:hankknight
  • 2
  • 2
4 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 17849375
Have you looked in your Apache logs to see if Apache is complaining about something?

Is your sever sized for the number of visitors?
0
 
LVL 16

Author Comment

by:hankknight
ID: 17849572
Hello,

>> Have you looked in your Apache logs to see if Apache is complaining about something?

Yes, and the only relevant information in the server logs is this:
               "client denied by server configuration"
In fact, by error log has almost NOTHING in it except hundreds of those errors.

>> Is your sever sized for the number of visitors?

Yes, I have a dedicated server with an Athlon MP processor and 1 gig or ram...  I have monitored my CPU and memory usage and neither have even spiked above a quarter of what is available.

I know absolutely NOTHING about system administration but my guess is that it is either mod evasive or my MaxClients setting.  But because this is a live site I don't want to start messing with things till I know the implications.

0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 17849973
Do you have more than 150 concurrent clients accessing your sever at once?

If you do then you may want to up MaxClients to, say 300 (or just a little bit more than how many ever concurrent clients you know you have), and see if the number of instances goes down or completely disappears.  You also may want to increase MinSpareServers to 10 or 20 and MaxSpareServers to 50.  This will decrease the overhead of stopping and starting processes.

I would also recommend setting MaxRequestsPerChild to something other than 0.  The defualt is 10000, so that should be a fine number to use.  If you set it to 0, then  the processes will never die and if you happen to have a memory leak you could chew up enough memory to cause serious system problems.  The 10,000 says that after 10,000 request,s stop this process and start a new one when needed.

0
 
LVL 16

Author Comment

by:hankknight
ID: 17868464
Thank you.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now