Ala', Are you sure that the problem is with "max_connections" or "max_connection_errors". if the first then you have a capacity issue that you need to overcome (check you're apache configuration for your connection time out and time to keep your connection pooled "use the module if necessary) if the second is what causing the problem, then you have to review your PHP code to make sure that half open DB connections are eliminated (or the reason for your db connections are accumilating with errors).
as for the iptables -m limit extension; I don't think it would be much of help, since it works on a connection syment not a logical connection, but you can make use of the syn-flood (if you think your getting one) by: /sbin/iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood /sbin/iptables -A syn-flood -m limit --limit 10/s --limit-burst 15 -j RETURN /sbin/iptables -A syn-flood -j DROP base idea, you have to know for sure what is going on on your wire, and then decide what to do (start by monitoring the site, and make sense out of the times at which your glitches occure) hope this help. Note: I don't see turing off PHP persistant connection going anywhere but aside from helping you, you might fight HTTP connections but you're loose DB connections as well (just a thought) > Actually it is possible using iptables, use the -m limit module. > I'll check it out for you when I get off work. > > On 10/23/05, Ala'a Ibrahim <[EMAIL PROTECTED]> wrote: >> >> hi all, >> I have this problme on one of the servers, I have this site, that runs >> smoothly with no problems (php, and mysql), but at one point the site >> suffers from too any connections to the database, on the other times no >> problems with this site. >> I've mad the maximum connections at some to 1000 but the same problem >> remains, I've checked the code, all of the connections are closed, and >> there >> is no persistant connections used, all of them are mysql_connect, I've >> also >> turned off the mysql.allow_persistent in the php.ini, but the same >> problem >> is there. >> I'm suspecting an attack on the site is happining at some time (perhaps >> a >> DoS), does anybody have any idea. >> I'm thinking if there is a way in apache to set that if some ip is >> making >> an n calls in an x period of time, to block that ip for some period of >> time. >> (is this possible, and how). >> >> -- >> Ala'a A. Ibrahim >> http://360.yahoo.com/bai_83 >> http://alaa83.blogspot.com/ >> >> _______________________________________________ >> General mailing list >> [email protected] >> http://mail.jolug.org/mailman/listinfo/general_jolug.org >> >> >> > > > -- > abulyomon > > www.KiLLTHeUPLiNK.com <http://www.KiLLTHeUPLiNK.com> > _______________________________________________ > General mailing list > [email protected] > http://mail.jolug.org/mailman/listinfo/general_jolug.org > _______________________________________________ General mailing list [email protected] http://mail.jolug.org/mailman/listinfo/general_jolug.org
