question about nginx, slowloris and fastcgi

Michiel van Es info at pcintelligence.nl
Thu Jul 2 00:22:30 MSD 2009 


Maxim Dounin wrote:
> Hello!
> 
> On Wed, Jul 01, 2009 at 03:19:08PM +0200, Michiel van Es wrote:
> 
>>
>> -------- Original Message --------
>> Subject: Re: question about nginx, slowloris and fastcgi
>> From: Maxim Dounin <mdounin at mdounin.ru>
>> To: nginx at sysoev.ru
>> Date: 07/01/2009 02:30 PM
>>
>>> Hello!
>>>
>>> On Wed, Jul 01, 2009 at 01:59:31PM +0200, Michiel van Es wrote:
>>>
>>>> Hi,
>>>>
>>>> i am new to Nginx and I am testing the latest stable Nginx as webserver
>>>> with slowloris.
>>>> When I test slowloris on my php enabled website I see Nginx running to
>>>> 100% and get the following error:
>>>>
>>>> 500 Internal Server Error
>>>>
>>>> I don't think Nginx crashes (although the 100% cpu concerns me) but I
>>>> think fastcgi/php is crashing.
>>> What's in error_log?
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>> 2009/07/01 13:43:01 [alert] 25226#0: accept() failed (24: Too many open
>> files)
>>
>>> Symptoms suggest that you've run out of file descriptors in your 
>>> OS.  At start nginx tries to warn you about the problem if 
>>> worker_connections are more than open file resource limit, but 
>>> even this isn't enough (since every connection usually allocates at 
>>> leas 2 file descriptors, and system-wide limit for all processes 
>>> isn't taken into account).
>> You're right but how can I stop this?
> 
> See your OS tuning guides.  Under FreeBSD use something like:
> 
> sysctl kern.maxfiles=65535
> sysctl kern.maxfilesperproc=60000
> 
> Note that other OS limits likely needs tuning too.

I have to tune CentOS file handles and network proc's right?
And then it should protect me from slowloris?

> 
>> Or how canI stop the slowloris attack..is it php fastcgi which is
>> vulnerable to the slowloris DoS?
> 
> When nginx with fastcgi_pass used in front of fastcgi - slowloris 
> attack won't reach fastcgi.

What is the fastcgi_pass? Is it included in the nginx installation?
I am using a rather old nginx install from the Epel repositories for CentOS.

> 
> Maxim Dounin
> 
Michiel

More information about the nginx mailing list