huge number of apache connections

Data center / Rack server
January 3, 2009 at 19:47:53
Specs: CENTOS Enterprise 4.6 i686, P4 dual 3GHz/1GB
I provide Linux/Apache website hosting. To try to prevent overloading on the server, I wrote a script that does netstat -plan|grep :80 then sorts and counts the number of connections each IP has. 99% of the time, visitors to the sites hosted never have more than a few connections at one time, but sometimes they do have many connections, especially when going to a web page of thumbnail images. I've tested it going to a page like that on 56k dialup and on 10 Mbps high speed and my IP never had more than a half dozen connections, so my script automatically blocks IPs with more than 50 connections at one time because Apache can only handle a limited number of connections at a time, so when someone has that many, they limit other visitors' connections.

One of my customers' websites has a page with over 200 thumbnail images and my script just blocked someone who had 200 simultaneous connections to that page. Dialup might download a few at a time, but not all at once, and high speed would have them done fast, but the IP had 200 connections for a few seconds, preventing anyone else from being able to go to any websites.

Like I said earlier, I tested it myself on dialup and fairly high speed on that page of thumbnail images and never had more than a few connections, so my question is:
Does anyone know what can explain a visitor having over 100 connections at one time? Could there be a legitimate reason for this?

A big thanks to anyone who may have an answer to this.

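The per-IP count described in the post above, as an added example that is not the poster's script: it counts only ESTABLISHED connections whose local port is exactly 80, because a plain `grep :80` also matches the listening socket, TIME_WAIT entries, port 8080 and the server's own outbound connections. The function names and the sample addresses are constructed for illustration, and the handling of IPv4-mapped addresses goes slightly beyond what the post mentions.

```shell
# Added example: per-IP count of established connections to local port 80.
# Reads `netstat -plan`-style output on stdin; prints "count ip" lines for
# every remote IP above the limit (default 50, the threshold from the post).
# On a server it would be fed as: netstat -plan | over_limit 50
over_limit() {
    limit=${1:-50}
    awk -v limit="$limit" '
        $1 !~ /^tcp/        { next }   # headers, udp, unix sockets
        $6 != "ESTABLISHED" { next }   # LISTEN, TIME_WAIT, SYN_RECV, ...
        {
            lport = $4; sub(/.*:/, "", lport)    # local port = text after last colon
            if (lport != "80") next              # drops :8080 and outbound client sockets
            ip = $5; sub(/:[^:]*$/, "", ip)      # strip the remote port
            sub(/^::ffff:/, "", ip)              # IPv4-mapped IPv6 form of the same client
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit + 0) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample input (documentation addresses, not real traffic).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2101/httpd
tcp        0      0 203.0.113.5:80          192.0.2.10:51001        ESTABLISHED 2133/httpd
tcp        0      0 203.0.113.5:80          192.0.2.10:51002        ESTABLISHED 2134/httpd
tcp        0      0 ::ffff:203.0.113.5:80   ::ffff:192.0.2.10:51003 ESTABLISHED 2135/httpd
tcp        0      0 203.0.113.5:80          192.0.2.10:51004        TIME_WAIT   -
tcp        0      0 203.0.113.5:80          198.51.100.7:40022      ESTABLISHED 2136/httpd
tcp        0      0 203.0.113.5:8080        198.51.100.7:40023      ESTABLISHED 2200/java
tcp        0      0 203.0.113.5:43210       198.51.100.99:80        ESTABLISHED 2300/curl
EOF
}
```

Running `sample_netstat | over_limit 2` reports only 192.0.2.10 with 3 connections; the TIME_WAIT entry, the port 8080 socket and the outbound connection are not counted.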

January 3, 2009 at 21:24:53
What was the IP address? I could probably give you a better answer but off the top of my head, suppose it was an art class or photography class and they all needed thumbnails? That would explain the connections if they were all through the same router.


January 3, 2009 at 22:08:39
In this particular case, the IP is

OrgName: Kaiser Permanente Medical Care Program
Address: 25 North Via Monte
Address: Network Design and Engineering
City: Walnut Creek
StateProv: CA
PostalCode: 94598
Country: US

NetRange: -
NetHandle: NET-162-119-0-0-1
Parent: NET-162-0-0-0-0
NetType: Direct Assignment
NameServer: CA1-DNS.KP.ORG
NameServer: MD1-DNS.KP.ORG
RegDate: 1992-11-04
Updated: 1999-10-14

RTechHandle: IK1-ARIN
RTechName: Kaiser Foundation Health Plan, Inc.
RTechPhone: +1-925-926-5781
RTechEmail: hostmaster kp org

OrgTechHandle: IK1-ARIN
OrgTechName: Kaiser Foundation Health Plan, Inc.
OrgTechPhone: +1-925-926-5781
OrgTechEmail: hostmaster kp org


This particular page is soap box derby photos, so I don't think there would be several people from the same place going to the same page, but you never know. This particular page is


January 4, 2009 at 06:56:30
I agree. I don't think that there would be a need for them to have so many connections.

Send an email to:

Explain to them that there is a possibility that an unauthorized user is using their connection and to please check their security, especially if wifi is being used.

In a sense, it doesn't really matter because your script worked but it doesn't hurt to send the email anyway.

Let me know what their response is.


January 4, 2009 at 07:43:46
I emailed them. Maybe they can tell me why there were so many connections. If I hear back, I'll let you know what they say.
