question about nginx, slowloris and fastcgi

Maxim Dounin mdounin at mdounin.ru
Wed Jul 1 17:44:17 MSD 2009


Hello!

On Wed, Jul 01, 2009 at 03:19:08PM +0200, Michiel van Es wrote:

> 
> 
> -------- Original Message --------
> Subject: Re: question about nginx, slowloris and fastcgi
> From: Maxim Dounin <mdounin at mdounin.ru>
> To: nginx at sysoev.ru
> Date: 07/01/2009 02:30 PM
> 
> > Hello!
> > 
> > On Wed, Jul 01, 2009 at 01:59:31PM +0200, Michiel van Es wrote:
> > 
> >> Hi,
> >>
> >> i am new to Nginx and I am testing the latest stable Nginx as webserver
> >> with slowloris.
> >> When I test slowloris on my php enabled website I see Nginx running to
> >> 100% and get the following error:
> >>
> >> 500 Internal Server Error
> >>
> >> I don't think Nginx crashes (although the 100% cpu concerns me) but I
> >> think fastcgi/php is crashing.
> > 
> > What's in error_log?
> 
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
> files)
> 
> > 
> > Symptoms suggest that you've run out of file descriptors in your 
> > OS.  At start nginx tries to warn you about the problem if 
> > worker_connections are more than open file resource limit, but 
> > even this isn't enough (since every connection usually allocates at 
> > leas 2 file descriptors, and system-wide limit for all processes 
> > isn't taken into account).
> 
> You're right but how can I stop this?

See your OS tuning guides.  Under FreeBSD use something like:

sysctl kern.maxfiles=65535
sysctl kern.maxfilesperproc=60000

Note that other OS limits likely needs tuning too.

> Or how canI stop the slowloris attack..is it php fastcgi which is
> vulnerable to the slowloris DoS?

When nginx with fastcgi_pass used in front of fastcgi - slowloris 
attack won't reach fastcgi.

Maxim Dounin





More information about the nginx mailing list