-
The default EP limit is set to 20 which means 20 entry processes are available for single user. The Entry Process is actually a connection apache->PHP which are usually fast. In case of slow loris attack this can help keeping other users secure and working normally. -
Right now it is not on a CloudLinux server. Yes, they are PHP sites with large MySQL databases.Leave a comment:
-
Are they PHP sites? Is it happening on CloudLinux server now? What are the limits and were there any faults? Please check the results with this command:
Setting the Entry Processes (EP) limit is crucial for controlling the number of connections to Apache in a CloudLinux environment. EP limits prevent a single user from exhausting all Apache connections, ensuring that other users can still access their sites. By managing EPs, users hitting their limits will receive an error instead of slowing down the server for everyone else.Code:lveinfo --period 24h --by-fault any
Leave a comment:
-
how to mitigate slow loris attacks when moving account to cloudlinux?
I have an account that a couple of times a week gets overloaded by what I think is called a slow loris attack. Apachectl status shows all or almost all W's and all the sites stop responding. It takes down the whole server for 5-10 minutes until the traffic clears or until I go in and restart apache. I am preparing to move it to a new server with cloudlinux installed along with all the LVE stuff including the sql governor. My question is what I should do to prepare the new server for moving this account? Are there steps I can take to head this off before the move? The new server is much more powerful than the old but still concerned about these repeated attacks.
I am assuming that CL will prevent the other three accounts on the new server from lagging out even if this other account is hit but what can I do to ensure this is a good move overall? We are already using a paid version of Cloudflare. Also running CSF for a firewall.
Leave a comment: