Willy Tarreau a écrit :
>> no, no, real requests to existing files. I've add some kind of attack >> (about 100 000 requests per day for a partial download on the same >> file), but usually, i got about 100/300 requests per day without any ip >> in the forwarded_for field.
i've disabled option httpclose since some clients have add problems (incomplete downloads), and disabling httpclose solve these problems.
I've set keepalive_timeout to 0 in nginx and the problem seems to have disappeared.
here is the main conf of nginx :
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# configure log format
log_format main '$http_x_forwarded_for - $remote_user [$time_local]
' '"$request" $status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
sendfile on;
tcp_nopush on;
keepalive_timeout 0;
tcp_nodelay on;
....
}
for haproxy :
global
log 127.0.0.1 local0 notice
maxconn 32000
ulimit-n 65536
user haproxy
group haproxy
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
contimeout 5000
clitimeout 50000
srvtimeout 50000
timeout connect 10s
timeout check 10s
listen webfarm-1 :80
maxconn 32000
log global
stats enable
stats auth root:jp09lk
balance
option forwardfor
option httpchk
option httplog
option logasap
Thanks,
Florian Received on 2008/04/01 09:22
This archive was generated by hypermail 2.2.0 : 2008/04/01 09:31 CEST