How to limit the number of concurrent CGI script invocations in Apache 2.2?

Question

How can I limit the number of concurrent CGI invocations in Apache 2.2.x?

More specifically, my problem is this: I have Apache hosting a Bugzilla instance and other stuff on one server. There's very little legitimate concurrent use of Bugzilla. However, it's trivial to mount a Denial of Service attack on the whole server by ignoring robots.txt and simply fetching a lot of bug pages that fork a process and hit a database.

score 1 · Answer 1 · answered Jun 25 '11 at 15:28

Well the answer greatly depends on your CGI process manager. With PHP-FPM via FastCGI, you'd modify pm.max_children. With FCGID you'd define either FcgidMaxProcesses and/or FcgidMaxProcessesPerClass. With FastCGI you'd most likely tweak maxClassProcesses or maxProcesses.

The documentation for whichever process manager you're using will have the exact syntax on details.

score 0 · Answer 2 · answered Nov 29 '10 at 12:17

0

you could use something like mod_cband to perform the throttling at a bandwidth rather than a process level.

answered Nov 29 '10 at 12:17

glob

265
1
4

1

Bandwidth is not the issue. Causing computation in MySQL is the issue. – hsivonen Jan 31 '11 at 10:05
mod_cband lets you set a max requests-per-second, which should help. – glob Feb 01 '11 at 05:27

How to limit the number of concurrent CGI script invocations in Apache 2.2?

2 Answers2