Конфигурация Apache: MaxClients достигли | Много неизвестных GET в access_log
Я настраиваю новый сервер apache+mysql. У него всего 3 веб-сайта, и он действительно не очень активен. Я в основном использую его для программирования и тестирования.
Httpd.conf сервера это:
....
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
</IfModule>
<IfModule worker.c>
StartServers 4
MaxClients 300
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
....
По какой-то причине, как только я запускаю сервер и захожу на страницу (даже если она действительно базовая, без подключений к базе данных или чем-то еще... Я получаю это:
[Wed Dec 11 13:59:10 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Dec 11 13:59:10 2013] [notice] Digest: generating secret for digest authentication ...
[Wed Dec 11 13:59:10 2013] [notice] Digest: done
[Wed Dec 11 13:59:10 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 configured -- resuming normal operations
[Wed Dec 11 13:59:25 2013] [error] server reached MaxClients setting, consider raising the MaxClients setting
Если я выполню "ps -ef" сразу после запуска сервера, я вижу, что все эти процессы работают:
UID PID PPID C STIME TTY TIME CMD
....
root 2945 1 2 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2947 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2948 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2949 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2950 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2951 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2952 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2953 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2954 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2955 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2956 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2957 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2958 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2959 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2960 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2961 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2962 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2963 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2964 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2965 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2966 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2967 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2968 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2969 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2970 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2971 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2972 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2973 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2974 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2975 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2976 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2977 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2978 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2979 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2980 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2981 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2982 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2983 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2984 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2985 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2986 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2987 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2988 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2989 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2990 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2991 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2992 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2993 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2994 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2995 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2996 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2997 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2998 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 2999 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3000 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3001 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3002 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3003 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3004 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3005 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3006 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3007 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3008 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3009 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3010 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3011 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3012 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3013 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3014 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3015 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3016 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3017 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3018 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3019 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3020 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3021 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3022 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3023 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3024 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3025 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3026 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3027 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3028 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3029 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3030 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3031 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3032 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3033 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3034 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3035 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3036 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3037 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3038 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3039 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3040 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3041 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3042 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3043 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3044 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3045 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3046 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3047 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3048 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3049 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3050 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3051 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3052 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3053 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3054 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3055 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3056 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3057 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3058 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3059 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3060 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3061 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3062 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3063 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3064 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3065 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3066 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3067 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3068 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3069 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3070 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3071 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3072 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3073 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3074 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3075 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3076 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3077 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3078 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3079 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3080 2945 0 14:08 ? 00:00:00 /usr/sbin/httpd
apache 3081 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3082 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3083 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3084 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3085 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3086 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3087 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3088 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3089 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3090 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3091 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3092 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3093 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3094 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3095 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3096 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3097 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3098 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3099 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3100 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3101 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3102 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3103 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3104 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3105 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3106 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3107 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3108 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3109 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3110 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3111 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3112 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3113 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3114 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3115 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3116 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3117 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3118 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3119 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3120 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3121 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3122 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3123 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3124 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3125 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3126 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3127 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3128 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3129 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3130 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3131 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3132 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3133 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3134 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3135 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3136 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3137 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3138 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3139 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3140 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3141 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3142 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3143 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3144 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3145 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3146 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3147 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3148 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3149 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3150 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3151 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3152 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3153 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3154 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3155 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3156 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3157 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3158 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3159 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3160 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3161 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3162 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3163 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3164 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3165 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3166 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3167 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3168 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3169 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3170 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3171 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3172 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3173 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3174 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3175 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3176 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3177 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3178 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3179 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3180 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3181 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3182 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3183 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3184 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3185 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3186 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3187 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3188 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3189 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3190 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3191 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3192 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3193 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3194 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3195 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3196 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3197 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3198 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3199 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3200 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3201 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
apache 3202 2945 0 14:09 ? 00:00:00 /usr/sbin/httpd
root 3203 1750 5 14:09 pts/0 00:00:00 ps -ef
Если я пытаюсь проверить журнал доступа с помощью "tail -f access_log", я получаю безостановочные записи для доступа к сайтам, которые я никогда не видел, и что я не хостинг (?). У моего сервера всего несколько базовых сайтов, и я больше всего обращаюсь к этим сайтам.
172.240.255.43 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250§ion=3796694&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2864710689 HTTP/1.0" 200 5463 "http://www.sceatec.com/hardware/how-to-improve-servers-performance.html" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)"
192.169.85.121 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90§ion=5156870&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1962079223 HTTP/1.0" 200 5547 "http://www.workacumen.com/index.php?option=com_content&view=article&id=1630:Great-West-Life-Insurance-Rates-for-Women-Smokers-and-Non-Smokers&catid=4&Itemid=5" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser; .NET CLR 2.0.50727; Creative ZENcast v1.02.12; .NET CLR 3.0.04506.30)"
69.162.70.75 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/ca/6e/ef/bf/ca6eefbfc4b3e52b860e32307142dd2c.gif HTTP/1.0" 200 26598 "http://www.fitnesscareson.com/fitness-factory/fitness-jobs/choosing-the-beauty-salons-in-san-francisco-6.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Alexa Toolbar)"
192.169.85.99 - - [11/Dec/2013:14:15:19 +0000] "GET http://ak1.abmr.net/is/pixel.mathtag.com?U=/misc/img&V=3-1xWPO+glnAYtvOljCBLqFpimxCqp%2fbcnElHRB%2fCXRbsOSOHvsVBgEQ%3d%3d&I=25B80927125D326&D=mathtag.com&01AD=1&mt_id=0&mt_adid=0&mop_seq=0:1&mt_cb=117628&mop_top= HTTP/1.0" 302 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600§ion=5151124&pub_url=salebusinessidea.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=1561726732" "Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)"
46.55.23.55 - - [11/Dec/2013:14:15:19 +0000] "GET http://web1.exactseek.com/webclient/?query=fjxg+/threads/&start=5&offset=80&lang=ENG HTTP/1.0" 200 27274 "http://web1.exactseek.com/" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16"
216.245.216.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://b.scorecardresearch.com/b?c1=8&c2=6035610&rn=0.34418662962084006&c7=http%3A%2F%2Fads.yahoo.com%2Fst%3Fad_type%3Diframe%26ad_size%3D300x250%26section%3D5151124%26pub_url%3Dsalebusinessidea.com%26_msd%3D1%26_xcf%3D0%26rmxbkn%3D0%26_cbv%3D4057802456&c3=30032779&c4=234558859&c5=114925099&c6=%25m&c10=18971014219&c15=&c16=&c8=&c9=http%3A%2F%2Fwww.salebusinessidea.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D333%3AIdeas-for-Creative-Brainstorming--%26catid%3D174%26Itemid%3D83&cv=1.8 HTTP/1.0" 204 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250§ion=5151124&pub_url=salebusinessidea.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=4057802456" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)"
23.19.79.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/get-user-id?ver=2&s=5133289&ts=1386771312&sig=96b66e7aa45d6484 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600§ion=5133289&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2176781951" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; Deepnet Explorer)"
192.169.85.194 - - [11/Dec/2013:14:15:18 +0000] "GET http://ad.doubleclick.net/adj/N7384.137772.MAXPOINTINTERACTIVE/B7845858.4;sz=728x90;click=http://mpc.mxptint.net/9S1SE5696B23S1090S5E02S2D8S5ASC89SBDF_5174C7F6_819009SDF_5174C7FB_19EB91%3fhttp://r.mxptint.net%3f;ord=5393202 HTTP/1.0" 200 7573 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90§ion=3698931&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=891089422" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; XMPP Tiscali Communicator v.10.0.2; .NET CLR 2.0.50727)"
69.147.233.50 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/fb/a8/7f/c7/fba87fc7f7a0335ef9033c4f717d7bb3.png HTTP/1.0" 200 18820 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600§ion=4311038&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=445943840" "Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8.1.11) Gecko/20080118 Firefox/2.0.0.11"
192.169.85.52 - - [11/Dec/2013:14:15:18 +0000] "GET http://ads.yahoo.com/imp?_cbv=1420241591&_msd=1&_xcf=0&Z=0x0&y=29&rmxbkn=0&s=5081065&_salt=0&B=12&m=2&H=&u=http%3A%2F%2Fwww.makemasterfinance.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D1540%3ABuy-Car-Insurance-Online%3A-Obtaining-Quotes-and-Comparisons%26catid%3D4%26Itemid%3D5&M=5&r=1 HTTP/1.0" 200 958 "http://www.makemasterfinance.com/index.php?option=com_content&view=article&id=1540:Buy-Car-Insurance-Online:-Obtaining-Quotes-and-Comparisons&catid=4&Itemid=5" "Opera/9.80 (X11; Linux i686; U; ja) Presto/2.7.62 Version/11.01"
172.240.255.35 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=pop&ad_size=0x0§ion=3796694&banned_pop_types=29&pop_times=1&pop_frequency=0&pub_url=www.sceatec.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=381351163 HTTP/1.0" 200 5200 "http://www.sceatec.com/hardware/hp-c7975a-lto5-huge-capacity-compatible-protected-media-cartridge.html" "Opera/9.24 (Windows NT 5.1; U; tr)"
192.169.85.86 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/get-user-id?ver=2&s=5167806&ts=1386771294&sig=cd794b3708a1bd0b HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250§ion=5167806&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=4177140593" "Mozilla/4.7 [en] (Win98; I)"
23.19.58.228 - - [11/Dec/2013:14:15:19 +0000] "GET http://pixel.mathtag.com/sync/js?01AD=3qniaWcOZKiAgKJ1xmCiuoQQpEZBJYda9WXoBVp85E3l9lKH-WSWsUw&01RI=ED8AB17483CAF35&01NA=na&sync=auto&mt_lim=1 HTTP/1.0" 200 195 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600§ion=5159500&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=480249027" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98; Alexa Toolbar)"
173.208.83.84 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=2105678712&_msd=1&_xcf=0&Z=300x250&u=learnabouttrip.com&rmxbkn=0&s=5141599&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Flearnabouttrip.com%2Findex.php%2Ftourist-definition%2F1324-tourism-in-zimbabwe&M=3&r=1 HTTP/1.0" 200 1008 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250§ion=5141599&pub_url=learnabouttrip.com&_msd=1&_xcf=0&rmxbkn=0&_cbv=2105678712" "Mozilla/5.0 (Linux i686; U; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.51"
23.19.79.116 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=203356319&_msd=1&_xcf=0&Z=160x600&rmxbkn=0&s=5133289&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Fsuperwomenhealth.com%2Findex.php%2Fkids-health%2F2554-fresh-healthy-vending&u=http%3A%2F%2Fsuperwomenhealth.com%2Findex.php%2Fkids-health%2F2554-fresh-healthy-vending&M=4&r=1 HTTP/1.0" 200 1062 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600§ion=5133289&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=203356319" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)"
69.162.97.215 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=ad&ad_size=300x250§ion=4890511&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2239536379 HTTP/1.0" 200 5149 "http://www.evigs.com/injury-dictionary-inqueries/medical-illness-dictionary/tips-for-learning-what-you-need-to-know-as-patient.html" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.694.0 Safari/534.24"
192.169.86.70 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90§ion=4411352&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1207065059 HTTP/1.0" 200 5532 "http://www.workinhouses.com/index.php?option=com_content&view=article&id=2537:Do-Hydrogen-Fuel-Conversion-Kits-Really-Work?&catid=174&Itemid=22" "Mozilla/5.0 (Windows NT 6.1; en-US) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.750.0 Safari/534.30"
69.147.233.50 - - [11/Dec/2013:14:15:19 +0000] "GET http://content.yieldmanager.edgesuite.net/atoms/79/fd/96/8a/79fd968aa01b830aca01612fac5b880a.gif HTTP/1.0" 200 12730 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=728x90§ion=4311038&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=3877702270" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8"
192.169.85.115 - - [11/Dec/2013:14:15:19 +0000] "GET http://ad.doubleclick.net/adj/N7586.150834.TURN/B7621332;abr=!ie;sz=160x600;click=http://r.turn.com/r/formclick/id/VdfWUmfN5zUoLAwA4QUBAA/url/;ord=3884299047285479253 HTTP/1.0" 200 11 "http://ads.tblamnetwork.com/st?ad_type=iframe&ad_size=160x600§ion=5040675&pub_url=${PUB_URL}" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
64.120.60.124 - - [11/Dec/2013:14:15:19 +0000] "GET http://ib.adnxs.com/seg?add=357296&t=2 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=300x250§ion=4931529&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=1381802406" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 ChromePlus/1.5.2.0"
208.115.203.37 - - [11/Dec/2013:14:15:19 +0000] "GET http://ib.adnxs.com/seg?add=357277&t=2 HTTP/1.0" 200 - "http://ads.yahoo.com/st?ad_type=iframe&ad_size=336x280,300x250,250x250,180x150§ion=4584406&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=3921164224" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; Alexa Toolbar)"
173.234.12.249 - - [11/Dec/2013:14:15:20 +0000] "GET http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2010001 HTTP/1.0" 200 - "http://www.newbia.net/index.php?option=com_content&view=category&layout=blog&id=24&Itemid=29&limitstart=40" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0; Alexa Toolbar)"
64.120.60.121 - - [11/Dec/2013:14:15:19 +0000] "GET http://ads.yahoo.com/imp?_cbv=2824547489&_msd=1&_xcf=0&Z=160x600&rmxbkn=0&s=4931529&T=3&_salt=0&B=12&m=2&H=http%3A%2F%2Fhealthchurch.com%2Findex.php%2Fhealth-questions%2F3582-bluesuitmomcom&u=http%3A%2F%2Fhealthchurch.com%2Findex.php%2Fhealth-questions%2F3582-bluesuitmomcom&M=4&r=1 HTTP/1.0" 200 1060 "http://ads.yahoo.com/st?ad_type=iframe&ad_size=160x600§ion=4931529&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=2824547489" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.861.0 Safari/535.2"
Есть идеи? Я немного потерян.
2 ответа
Решение
Я мог бы наконец это исправить вчера. Проблема была в том, что мой сервер действовал как открытый прокси.
Записи, отображаемые в access_log, обычно являются результатом того, что злонамеренные клиенты пытаются использовать открытые прокси-серверы для доступа к веб-сайту, не раскрывая своего истинного местоположения. Они могли бы делать это, чтобы манипулировать рекламными системами с оплатой за клик, добавлять комментарии или ссылочный спам на чужой сайт, или просто делать что-то неприятное, не будучи обнаруженным.
Как я запретил этим запросам обращаться к стороннему серверу через мой сервер?
Во-первых, если вам не нужно запускать прокси-сервер, отключите mod_proxy, закомментировав его строку LoadModule или отключив ProxyRequests в httpd.conf. Помните, что отключение ProxyRequests не мешает вам использовать обратный прокси с директивой ProxyPass.
Мне не понравилась идея, что мой сервер отвечает на запросы случайных имен хостов.
Вы можете настроить Apache для запрета доступа к любому хосту, который специально не настроен, настроив виртуальный хост по умолчанию:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName default.only
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName realhost1.example.com
ServerAlias alias1.example.com alias2.example.com
DocumentRoot /path/to/site1
</VirtualHost>
После этих изменений вы можете попробовать использовать свой сервер в качестве прокси-сервера для доступа к другим сайтам и убедиться, что вы получаете либо сбой, либо локальный контент с вашего сайта. Среди способов сделать это:
Настройте браузер на использование веб-сервера в качестве прокси-сервера по умолчанию, а затем попытайтесь запросить сторонние сайты. Вы должны получить только свой собственный контент сайта в ответ. Вручную составьте запросы, используя telnet:
telnet yoursite.example.com 80
GET http://www.yahoo.com/ HTTP/1.1
Host: www.yahoo.com
Две вещи, которые выделяются сразу:
Ваш сервер возвращает HTTP-код 200 для всех этих запросов GET. 200 означает, что он нашел страницу для URL. Он должен возвращать 404 (не найдено). Ваш файл index.php, возможно, проксирует сторонние запросы. Посмотрите на свой код, остановите его и / или сделайте так, чтобы он возвращал 404s. Если это не просто плохо написанный или продуманный код, возможно, ваш сайт скомпрометирован кодом, введенным в index.php.
Если посмотреть на адреса, это может быть атака / эксплойт XSS с использованием внешних объявлений, которые используют ваш домен для получения другого веб-сайта / страницы, когда пользователь просматривает одно из этих объявлений. Обычно это делается для надувания просмотров рекламы (отрыва рекламной сети), DDoS-атак или для сокрытия попыток взлома. http://en.wikipedia.org/wiki/Cross-site_scripting