Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
possible SYN flooding on port 80. Sending cookies.
На сервере установлен nginx/0.5.26 + php-cgi 5.2.5 через fastcgi.
Нагрузка ~ 4000 уникальных посетителей в час.
В /var/log/messages каждые 10-20 минут появляется сообщение
kernel: possible SYN flooding on port 80. Sending cookies.
netstat -n -p|grep SYN_REC | wc -l
показывает от 30 до 250 соединений SYN_REC, причем если соединений
больше 100, то 80 из них - это один ip, потом он исчезает, появляется
другой ip, и так далее.
Раз в сутки сервер стабильно виснет, не оставляя ничего в логах, кроме
«possible SYN flooding on port 80. Sending cookies.», так что админам
приходится ребутить руками. В рабочее время нагрузка на нем почти ноль.
Может ли причиной быть кривая конфигурация/баг в nginx? (конфиг в аттаче)
Типичный случай:
netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
122.50.182.117
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
70.245.13.128
75.57.133.196
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
70.245.13.128
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
24.99.246.104
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
60.50.160.90
72.234.1.154
60.50.160.90
60.50.160.90
60.50.160.90
24.99.246.104
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
70.245.13.128
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
24.99.246.104
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
70.245.13.128
60.50.160.90
60.50.160.90
70.245.13.128
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
60.50.160.90
70.245.13.128
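# nginx.conf attached to the report: nginx/0.5.26 serving PHP through FastCGI
# on a unix socket, one virtual host.
#
# On the SYN-flood question: connections in SYN_RECV are half-open and are
# queued by the kernel before nginx can accept() them, so no directive below
# processes them. The limits involved are kernel settings
# (net.ipv4.tcp_syncookies, net.ipv4.tcp_max_syn_backlog, net.core.somaxconn)
# plus the backlog nginx passes to listen(); nothing in this file sets that
# backlog, so the build's default applies.

user nginx;
worker_processes 4;

#error_log /var/log/nginx/error.log;
error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

pid /var/run/nginx.pid;

events {
    # Per-worker ceiling on simultaneously open connections
    # (4 workers x 2048 in this file).
    worker_connections 2048;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # $http_x_forwarded_for is copied from a client-supplied header; treat it
    # as untrusted when reading the logs.
    log_format main '$remote_addr - $remote_user [$time_local] $request '
    '"$status" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    # An idle keep-alive connection keeps its worker_connections slot for up
    # to 65 seconds.
    #keepalive_timeout 0;
    keepalive_timeout 65;

    server_names_hash_bucket_size 64;

    #gzip on;

    server {
        # No backlog is given here, so the listen() backlog is the default.
        listen 80;
        server_name somedomain.com;

        #access_log /var/www/somedomain.com/log/access main;
        access_log /var/www/somedomain.com/log/access main;
        error_log /var/www/somedomain.com/log/error notice;

        root /var/www/somedomain.com/data;
        index index.php;

        # Regex locations are tried in the order written, so the two deny
        # rules below take precedence over the rewrites and the PHP handler.
        location ~ /\.ht {
            deny all;
        }

        location ~* ^.+\.(class|inc)$ {
            deny all;
        }

        # /<digits>/<digits>/<rest> -> /<rest>; "last" restarts location
        # matching, so the deny rules above are applied to the new URI too.
        # The "break" that followed each "rewrite ... last" was removed: the
        # rewrite pattern always matches inside its location, so the
        # directive after it was never reached.
        # NOTE(review): nginx normally appends the original query string to a
        # replacement that already contains "?", so the explicit $args may
        # duplicate the arguments - confirm on this version.
        location ~* ^\/(\d+)\/(\d+)\/(.+)$ {
            rewrite ^\/(\d+)\/(\d+)\/(.+)$ /$3?$args last;
        }

        # /<digits>/<digits>[/] -> front controller with page and aff set.
        location ~* ^\/(\d+)\/(\d+)\/?$ {
            rewrite ^\/(\d+)\/(\d+)\/?$ /index.php?page=$1&aff=$2&$args last;
        }

        # Every URI ending in .php is sent to the PHP FastCGI backend.
        location ~* ^.+\.php$ {
            # Only hand the request to PHP when the URI maps to a regular
            # file under root. Without this check any URI that merely ends in
            # ".php" reaches the interpreter, and which file PHP then runs
            # depends on fastcgi.conf and PHP path-info settings that are not
            # part of this file.
            if (!-f $request_filename) {
                return 404;
            }

            # NOTE(review): /tmp is world-writable; a socket in a directory
            # owned by the service account is harder for other local users to
            # interfere with. Moving it means changing the path on the
            # php-cgi side as well.
            fastcgi_pass unix:/tmp/php-fcgi.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi.conf;
        }

        # Anything that is not an existing file or directory is routed to
        # the front controller with the original URI in request_uri.
        location / {
            if (!-e $request_filename) {
                rewrite ^(.*)$ /index.php?request_uri=$1 last;
            }
        }
    }
}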