I'm trying to track down a persistent but intermittent problem we've been having with mod_qos, generating QS_ClientEventBlockCount violation errors. We've gotten these in the past when people have too many broken links on their pages, for generating too many 400/500 class responses in too short a time, because our mod_qos config is set up to do exactly that:
This time though, I'm not seeing many 400's or 500's. I wondered about hits on those last two rules, so I set up a custom log, which I think should be logging every access that results in a QS_Block:
...with only a single entry in my custom log. Clearly my custom log isn't doing what I thought it would. Can anyone offer any advice on how to log accesses that result in QS_Block being set?
Thanks for any advice,
- rob.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Rob
CustomLog is only triggered when serving HTTP requests but mod_qos may block connections too.
The documenation http://opensource.adnovum.ch/mod_qos/#QS_SetEnvIfStatus states: The NullConnection event may happen silently (no log message) expect when using LogLevel debug. The parameter may be used to defend against SSL DoS attacks. Please pay attention to the fact that unused speculative TCP pre-connections of browsers may unintentionally cause this event as well.
Regars, Pascal
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Gah! Feel like a bit of an idiot; read that bit of documentation, but didn't catch what it meant in terms of my problem. I tried swapping to LogLevel debug to catch any NullConnection events, but I'm not seeing anything. On the other hand, I tried commenting out the QS_SetEnvIfStatus NullConnection QS_Block
line and I can no longer seem to generate the error, so I might let it run for awhile to see if that stops the problem (it was always intermittent in the first place.)
Thanks for your helpful - and speedy! - response,
- rob.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi folks,
I'm trying to track down a persistent but intermittent problem we've been having with mod_qos, generating QS_ClientEventBlockCount violation errors. We've gotten these in the past when people have too many broken links on their pages, for generating too many 400/500 class responses in too short a time, because our mod_qos config is set up to do exactly that:
QS_ClientEventBlockCount 20 300 QS_SetEnvIfStatus 400 QS_Block QS_SetEnvIfStatus 401 QS_Block QS_SetEnvIfStatus 403 QS_Block QS_SetEnvIfStatus 404 QS_Block QS_SetEnvIfStatus 405 QS_Block QS_SetEnvIfStatus 406 QS_Block QS_SetEnvIfStatus 408 QS_Block QS_SetEnvIfStatus 411 QS_Block QS_SetEnvIfStatus 413 QS_Block QS_SetEnvIfStatus 414 QS_Block QS_SetEnvIfStatus 417 QS_Block QS_SetEnvIfStatus 500 QS_Block QS_SetEnvIfStatus 503 QS_Block QS_SetEnvIfStatus 505 QS_Block QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block QS_SetEnvIfStatus NullConnection QS_BlockThis time though, I'm not seeing many 400's or 500's. I wondered about hits on those last two rules, so I set up a custom log, which I think should be logging every access that results in a QS_Block:
...but I get one of these:
...with only a single entry in my custom log. Clearly my custom log isn't doing what I thought it would. Can anyone offer any advice on how to log accesses that result in QS_Block being set?
Thanks for any advice,
Hi Rob
CustomLog is only triggered when serving HTTP requests but mod_qos may block connections too.
The documenation http://opensource.adnovum.ch/mod_qos/#QS_SetEnvIfStatus states: The NullConnection event may happen silently (no log message) expect when using LogLevel debug. The parameter may be used to defend against SSL DoS attacks. Please pay attention to the fact that unused speculative TCP pre-connections of browsers may unintentionally cause this event as well.
Regars, Pascal
Gah! Feel like a bit of an idiot; read that bit of documentation, but didn't catch what it meant in terms of my problem. I tried swapping to LogLevel debug to catch any NullConnection events, but I'm not seeing anything. On the other hand, I tried commenting out the
QS_SetEnvIfStatus NullConnection QS_Blockline and I can no longer seem to generate the error, so I might let it run for awhile to see if that stops the problem (it was always intermittent in the first place.)
Thanks for your helpful - and speedy! - response,