The server is running Apache/2.2.15 on CentOS 6.2.
The web server is running normally with good performance. In our application, we have another office accessing the web server heavily. The devices in that office share one external IP to the internet (NAT). The users there have much difficulty accessing the web server.
After investigation, it is caused by SYN packets sent from the office not always receiving a SYN-ACK packet. It seems something somewhere is dropping the packets to avoid a SYN flood. We have looked into the firewall and iptables on the web server and nothing was found. With netstat, I can see that there are many SYN_RECV entries for the office IP.
1. How to completely remove the SYN flood protection of CentOS / Apache. The connections are legitimate.
2. Will the performance of Apache suffer if most of the clients share the same IP?
Thanks in advance.
Slow web server
Re: Slow web server
If you are correct about that being CentOS 6.2 then you really really need to yum update ASAP to get to 6.6.
6.2 was released in December 2011 so you are more than 3 years out of date and there have been numerous severe security vulnerabilities discovered and patched in that time. As a side effect, maybe whatever issue you are experiencing will also be fixed when you update.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Slow web server
> 1. How to completely remove the SYN flood protection of CentOS / Apache. The connections are legitimate.
This is probably a really bad idea, but generally anything marked as INVALID in the firewall could match on syn flood (as in we've had the syn, sent out the syn+ack and had no ack in the timeout). The sysctl net.ipv4.tcp_syncookies sets the syn cookies function. I suspect the premise here is false.
> 2. Will the performance of Apache suffer if most of the clients share the same IP?
Nobody can answer this question! Apache doesn't care about the fact that multiple requests are coming from the same address (unless you have something like mod_security or something like that). Put another way, would the performance of Apache suffer if lots more requests are put to it? Then yes, it has to do more work. Would the user-perceived performance change? Well, that depends on the application(s).
Re: Slow web server
Also if you are using the iptables -m recent module then that might kick in if all requests come from the same IP.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
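Added example, not part of any post in this thread: two shell helpers for checking the things the replies point at, namely which remote IPs hold the SYN_RECV entries and whether any iptables rule uses the `recent` match or drops INVALID packets. The function names and all sample data are constructed for illustration; 203.0.113.10 stands in for the office NAT address.

```shell
#!/usr/bin/env bash
# Added example: triage helpers for the symptoms discussed in the thread.
# Function names and sample data are constructed, not taken from the posts.

# Count half-open (SYN_RECV) connections per remote IP.
# Input: `netstat -ant` output on stdin. Output: "<count> <ip>", highest first.
syn_recv_by_ip() {
    awk '$6 == "SYN_RECV" {
             ip = $5
             sub(/:[0-9]+$/, "", ip)      # strip the port from addr:port
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# List firewall rules that could drop traffic from one busy NATed source:
# the "recent" match and matches on the INVALID connection state.
# Input: `iptables-save` output on stdin.
suspect_rules() {
    grep -E -e '-m recent|(--state|--ctstate) ([A-Z,]*,)?INVALID' || true
}

# Constructed sample input (documentation address ranges only).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.5:80            203.0.113.10:51234      SYN_RECV
tcp        0      0 192.0.2.5:80            203.0.113.10:51240      SYN_RECV
tcp        0      0 192.0.2.5:80            203.0.113.10:51302      ESTABLISHED
tcp        0      0 192.0.2.5:80            198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.5:80            203.0.113.10:51377      SYN_RECV'

SAMPLE_RULES='-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP
-A INPUT -p tcp --dport 80 -j ACCEPT'

printf '%s\n' "$SAMPLE_NETSTAT" | syn_recv_by_ip
printf '%s\n' "$SAMPLE_RULES" | suspect_rules

# On the server itself (as root), feed the helpers live data instead:
#   netstat -ant  | syn_recv_by_ip
#   iptables-save | suspect_rules
#   sysctl -n net.ipv4.tcp_syncookies    # 0 means SYN cookies are disabled
```

If the office address dominates the SYN_RECV count while `suspect_rules` prints nothing, the drop is more likely happening on a device in the path than in the server's own iptables rules.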