Package: apache2 Version: 2.4.23-8 Severity: normal Dear Maintainer,
I am using apache2 on a NAS with a very weak CPU. I have storing roughly 1000 images and subfolders in a folder, and am using Options +Indexes to read the list of files / directories. Getting the list up is painfully slow, and eventually fails if the folder is large enough. Apache config, edited to remove domain name: # vim: syntax=apache ts=4 sw=4 sts=4 sr noet <VirtualHost *:80> ServerName foo.example.com ServerAdmin webmas...@example.com DocumentRoot /srv ErrorLog ${APACHE_LOG_DIR}/foo.error.log CustomLog ${APACHE_LOG_DIR}/foo.access.log combined DirectoryIndex index.html <Directory /srv/> Options Indexes FollowSymlinks AllowOverride None Require all granted </Directory> <Location /> AuthType Basic AuthName "Access to top secret foo" AuthUserFile /etc/apache2/htpasswd Require valid-user </Location> </VirtualHost> I tried doing a strace on the apache process while the page was loading. Excerpt, censoring actual username, password hash: stat64("/srv/Images/IMG_20161013_082911/index.html", 0xbeea5408) = -1 ENOENT (No such file or directory) lstat64("/srv", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat64("/srv/felles", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 lstat64("/srv/felles/Bilder", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0 lstat64("/srv/Images", {st_mode=S_IFDIR|S_ISGID|0755, st_size=69632, ...}) = 0 lstat64("/srv/Images/IMG_20161013_082911", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat64("/srv/Images/IMG_20161013_082911/index.html", 0xbeea5408) = -1 ENOENT (No such file or directory) open("/etc/apache2/htpasswd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 19 fstat64(19, {st_mode=S_IFREG|0640, st_size=313, ...}) = 0 read(19, "foo:$6$XXXXXXXX$XXXXXXXXXXXXXXX"..., 4096) = 313 close(19) = 0 lstat64("/srv/Images/IMG_20161014_173243.jpg", {st_mode=S_IFREG|0755, st_size=4159526, ...}) = 0 lstat64("/srv/Images/IMG_20161014_173243.jpg", {st_mode=S_IFREG|0755, st_size=4159526, ...}) = 0 open("/etc/apache2/htpasswd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 19 fstat64(19, {st_mode=S_IFREG|0640, st_size=313, ...}) = 0 read(19, "foo:$6$XXXXXXXX$XXXXXXXXXXXXXXX"..., 4096) = 313 close(19) = 0 lstat64("/srv/Images/IMG_20160920_172913.jpg", {st_mode=S_IFREG|0755, st_size=3290253, ...}) = 0 lstat64("/srv/Images/IMG_20160920_172913.jpg", {st_mode=S_IFREG|0755, st_size=3290253, ...}) = 0 open("/etc/apache2/htpasswd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 19 fstat64(19, {st_mode=S_IFREG|0640, st_size=313, ...}) = 0 read(19, "foo:$6$XXXXXXXX$XXXXXXXXXXXXXXX"..., 4096) = 313 i.e. it's reading the htpasswd file for every file and subfolder in the folder, and probably doing the password check for each of them. It's also looking for an index.html under each subfolder, but that's probably a separate issue and/or configurable. -- Package-specific info: -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing') Architecture: armhf (armv7l) Kernel: Linux 4.7.0-1-armmp (SMP w/1 CPU core) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages apache2 depends on: ii apache2-bin 2.4.23-8 ii apache2-data 2.4.23-8 ii apache2-utils 2.4.23-8 ii dpkg 1.18.15 ii init-system-helpers 1.46 ii lsb-base 9.20161101 ii mime-support 3.60 ii perl 5.24.1~rc3-3 pn perl:any <none> ii procps 2:3.3.12-3 Versions of packages apache2 recommends: ii ssl-cert 1.0.38 Versions of packages apache2 suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> pn www-browser <none> Versions of packages apache2-bin depends on: ii libapr1 1.5.2-4 ii libaprutil1 1.5.4-2 ii libaprutil1-dbd-sqlite3 1.5.4-2 ii libaprutil1-ldap 1.5.4-2 ii libc6 2.24-5 ii libldap-2.4-2 2.4.44+dfsg-1 ii liblua5.2-0 5.2.4-1.1+b1 ii libnghttp2-14 1.16.0-1 ii libpcre3 2:8.39-2 ii libssl1.0.2 1.0.2j-4 ii libxml2 2.9.4+dfsg1-2.1 pn perl:any <none> ii zlib1g 1:1.2.8.dfsg-2+b3 Versions of packages apache2-bin suggests: pn apache2-doc <none> pn apache2-suexec-pristine | apache2-suexec-custom <none> pn www-browser <none> Versions of packages apache2 is related to: ii apache2 2.4.23-8 ii apache2-bin 2.4.23-8 -- Configuration Files: /etc/apache2/sites-available/000-default.conf changed [not included] -- no debconf information