# httpd.conf: MaxClients includes persistent connections or...?



## michaelsanford (Mar 19, 2003)

> # Limit on total number of servers running, i.e., limit on the number
> # of clients who can simultaneously connect --- if this limit is ever
> # reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
> # It is intended mainly as a brake to keep a runaway server from taking
> ...



This might be a dumb question, but does this number take into account multiple connections per client? That is, does 200 refer to 200 unique computers connecting to my system or to 200 connections?

I assume it means 200 unique computers, and those unique computers can have up to "MaxRequestsPerChild" connections?

Incidentally, if this limit is reached and someone is locked out, what error page will they receive?

I'm running my personal site (see sig) from my iMac on a DSL, and traffic is pretty low, but to make sure I don't saturate my poor little line, and slow my computer to a crawl, I'm trying to optimize Apache so the (at most 3-5) simultaneous unique users can still see stuff reasonably well, but more than that will be locked out.


----------



## Darkshadow (Mar 19, 2003)

Nope, it's 200 connections, not 200 unique connections.  Found this out the other day by a runaway php script - I forgot to have it exclude a search from the localhost, and it did one nasty bit of recursion when I tested it out.  Hit the max clients in about 4 seconds.  I dunno if it displays a page or not, as it was still in the process of displaying one page.

I did get a lot of "Max Client reached" errors in the error log, though.

Had to kill apache to stop it from running, too.  It wouldn't stop.


----------



## michaelsanford (Mar 19, 2003)

Excellent thanks DarkShadow, that's goin' down to 75 

I'm curious about this script of yours haha.


----------



## Darkshadow (Mar 20, 2003)

Err...one to attack back when the nimda worm attacks.  Made a /scripts/root.exe (told apache that .exe is a php script) so that when the worm looks for it, it tries to shut down the server on the machine it came from.  Not largely successful, but it works sometimes.  I was testing it out, and since it came from the localhost, it hit the root.exe script again...and again...and again. I was just expecting it to display a page that says 'Go Back The Way You Came' as I wasn't the worm attacking.  Oops on my part.  I didn't even notice at first, until I noticed the error log scrolling up lines of Max Client reached.

Heck, I actually had to stop apache _twice_, because the first time I didn't wait long enough for all of the httpd processes to die, so when I restarted it, it kept processing the same request.

It's a learning experience. Heh


----------



## michaelsanford (Mar 20, 2003)

That's a cool idea!

How do you kill the machine it came from though? DoS


----------



## Darkshadow (Mar 20, 2003)

Hmm...code red opens up a back door where it gives a person administration rights to the system via http, which the nimda worm capitalized on.  So the legalness of it is...questionable, I suppose.  You _could_ do some bad things that way, but all I'm doing is trying to stop the IIS service.  Like I said, it's not very successful, it may shut down the service one out of a 100 times (maybe not even that).

If you look at your access log, you can see how nimda tests for the vulnerability - changing the commands passed is all that's needed....


----------
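An added example, not part of the thread or any poster's code: a Python check over access-log lines that counts requests for `/scripts/root.exe` per source host and flags a burst from the loopback address, the kind of self-request loop that used up MaxClients in the thread above. It assumes Common Log Format; the sample lines, addresses, query strings and threshold are constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

PROBE_PATH = "/scripts/root.exe"    # the path named in the thread
LOOPBACK = {"127.0.0.1", "::1"}     # requests the server made to itself

# Constructed sample lines (not a real log); external hosts use documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Mar/2003:10:01:02 -0500] "GET /scripts/root.exe?probe HTTP/1.0" 200 512
192.0.2.10 - - [20/Mar/2003:10:01:03 -0500] "GET /Scripts/Root.exe?probe HTTP/1.0" 200 512
198.51.100.7 - - [20/Mar/2003:10:02:10 -0500] "GET /scripts/root.exe HTTP/1.0" 200 512
203.0.113.5 - - [20/Mar/2003:10:02:30 -0500] "GET /index.html HTTP/1.1" 200 2048
127.0.0.1 - - [20/Mar/2003:10:03:00 -0500] "GET /scripts/root.exe?test HTTP/1.0" 200 512
127.0.0.1 - - [20/Mar/2003:10:03:00 -0500] "GET /scripts/root.exe?test HTTP/1.0" 200 512
127.0.0.1 - - [20/Mar/2003:10:03:01 -0500] "GET /scripts/root.exe?test HTTP/1.0" 200 512
127.0.0.1 - - [20/Mar/2003:10:03:01 -0500] "GET /scripts/root.exe?test HTTP/1.0" 200 512
this line is truncated or malformed
"""

def summarize_probes(log_text, threshold=3):
    """Return (hits per host for PROBE_PATH, loopback hosts at or over threshold)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at their fields
        host, _ts, _method, target, _status = m.groups()
        # Drop the query string and compare case-insensitively.
        path = target.split("?", 1)[0].lower()
        if path == PROBE_PATH:
            hits[host] += 1
    # A burst from loopback means the server is requesting its own handler:
    # each of those requests occupies a MaxClients slot of its own.
    self_loops = {h: n for h, n in hits.items() if h in LOOPBACK and n >= threshold}
    return hits, self_loops

if __name__ == "__main__":
    hits, self_loops = summarize_probes(SAMPLE_LOG)
    for host, count in hits.most_common():
        flag = "  <-- self-request loop" if host in self_loops else ""
        print(f"{host:15} {count}{flag}")
```
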

