On 12/10/07, RB <[EMAIL PROTECTED]> wrote: > I dropped a pair of pfSense routers (1.2-RC3) in front of a rather > large client base - revolving door of about 350 clients per hour and a > running throughput of ~8Mbps. Everything went fine for a few hours, > then the lighttpd.error.log process started showing the following and > the whole system stopped passing traffic: > > (mod_fastcgi.c.1731) connect failed: Connection refused on > unix:/tmp/php-fastcgi.socket-0 > (mod_fastcgi.c.2885) backend died; we'll disable it for 5 seconds and > send the request to another backend instead: reconnects: 0 load: 194 > (mod_fastcgi.c.3496) all handlers for /indx.php on .php are down. > (mod_fastcgi.c.2703) fcgi-server re-enabled: uix:/tmp/php-fastcgi.socket-0 > > There were also numerous copies of this following as well, but were > happening before the failure and are occurring on the secondary as > well (with no seeming issue): > > (network_freebsd_sendfile.c.97) writev failed: can't assign requested address > 97 > (connections.c.603) connection closed: write failed on fd 97 > > I failed over to the secondary, rebooted the primary (turned CARP off > on it), and everything seems to be running okay for now. However, > looking in root's directory of the primary, there are several > 'lighttpd-upload-*' files with roughly the same timestamps as the > issue occurring, look like iCal files. What I presume happened was > that some Mac user connected and attempted to do a calendar sync > before authenticating; lighttpd/CP seems to have taken the uploads and > that precipitated some failure. Any alternate ideas or ideas about > preventing this from happening again? Of course, it really sucks that > the CP httpd is running as root.
Very very interesting. I agree that running the CP as root is a bad(TM) thing. This is something I want to address in the CP rewrite that is going to occur soon. But, in the meantime we need to find a way to prevent file uploads and minimize the HTTP POST allowed size. I'll do some digging but if anyone has a good way of turning off FTP uploads on lighty please let me know. Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
