question about nginx, slowloris and fastcgi

Michiel van Es info at pcintelligence.nl
Wed Jul 1 17:19:08 MSD 2009



-------- Original Message --------
Subject: Re: question about nginx, slowloris and fastcgi
From: Maxim Dounin <mdounin at mdounin.ru>
To: nginx at sysoev.ru
Date: 07/01/2009 02:30 PM

> Hello!
> 
> On Wed, Jul 01, 2009 at 01:59:31PM +0200, Michiel van Es wrote:
> 
>> Hi,
>>
>> i am new to Nginx and I am testing the latest stable Nginx as webserver
>> with slowloris.
>> When I test slowloris on my php enabled website I see Nginx running to
>> 100% and get the following error:
>>
>> 500 Internal Server Error
>>
>> I don't think Nginx crashes (although the 100% cpu concerns me) but I
>> think fastcgi/php is crashing.
> 
> What's in error_log?

2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)
2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
files)

> 
> Symptoms suggest that you've run out of file descriptors in your 
> OS.  At start nginx tries to warn you about the problem if 
> worker_connections are more than open file resource limit, but 
> even this isn't enough (since every connection usually allocates at 
> leas 2 file descriptors, and system-wide limit for all processes 
> isn't taken into account).

You're right but how can I stop this?
Or how canI stop the slowloris attack..is it php fastcgi which is
vulnerable to the slowloris DoS?

> 
> Maxim Dounin

Michiel

> 
>> Are other people using Nginx and fastcgi/php are also experiencing this
>> behaviour and is there a fix to ensure that my website is still running
>> when slowloris is checking?
>>
>> Kind regards,
>>
>> Michiel
>>
>>
> 





More information about the nginx mailing list