Nginx hang and do not respond with large number of network connection in FIN_WAIT state

Peter Booth peter_booth at me.com
Fri Jan 11 04:06:44 UTC 2019


How do you know that this is an attack and not “normal traffic?”
How are these requests different from regular requests?
What do the weblogs say about the “attack requests?"


> On 10 Jan 2019, at 10:30 PM, gnusys <nginx-forum at forum.nginx.org> wrote:
> 
> My Current settings are higher except the worker_process
> 
> worker_processes  1;
> worker_rlimit_nofile 69152;
> worker_shutdown_timeout 10s;
> thread_pool iopool threads=32 max_queue=65536;
> 
> 
> I think the issue is that nginx accumulate ESTABLISHED and CLOSE_WAIT and
> FIN_WAIT1
> 
> From successive netstat -apn listing I see that it is the CLOSE_WAIT that is
> sky-rocketing first
> 
> then eventually ESTABLISHED and FIN_WAIT1
> 
> 
> The million dollar question is why Apache httpd is handling this situation
> of attack quite well on the same server while having Nginx as a reverse
> proxy hangs the web stack by TCP state exhaustion?
> 
> The symptoms are similar to what is mentioned at
> https://blog.cloudflare.com/this-is-strictly-a-violation-of-the-tcp-specification/
> 
> Only thing is that I don't know what must be changed in the config etc to
> fix this problem in nginx
> 
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282613,282645#msg-282645
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list