|
»
»
»
Multiple Hits to same JSP
|
View:
New views
10 Messages
—
Rating Filter:
Alert me
|
 |
Multiple Hits to same JSP
by Sameer Naik-2
::
Rate this Message:
Hi,
We are using Apache 2.0.53 + mod_jk 1.2.21 + tomcat 5.0.28 combination and seeing multiple hits to a single JSP file in quick succession, like 500 hits in a minute from same user ID and same IP address. Response code is 200 for all the requests. It is happening randomly from various user agents. Did anyone encounter such scenario? Can we log something in Apache logs to debug the issue? (We are already logging referrer, UA, byte range request values etc). Thanks, Sameer ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ |
|
|
Re: Multiple Hits to same JSP
by Alan Chaney
::
Rate this Message:
Have you checked to see whether or not they are real requests - that is,
coming from the web. If they are there's nothing anyone on this list can do... Try monitoring you network with something like wireshark. I have seen similar behavior - I think it may be from badly written spiders or feeble attempts to hack your site. If they are truly vindictive the only thing you can do is block them with a firewall. Regards Alan Chaney Sameer Naik wrote: > Hi, > > We are using Apache 2.0.53 + mod_jk 1.2.21 + tomcat 5.0.28 combination and seeing multiple hits to a single JSP file in quick succession, like 500 hits in a minute from same user ID and same IP address. Response code is 200 for all the requests. It is happening randomly from various user agents. Did anyone encounter such scenario? Can we log something in Apache logs to debug the issue? (We are already logging referrer, UA, byte range request values etc). > > Thanks, > Sameer > > > > ____________________________________________________________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ > > !DSPAM:4824bdee28727785049143! > --------------------------------------------------------------------- To start a new topic, e-mail: users@... To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Multiple Hits to same JSP
by Christopher Schultz-2
::
Rate this Message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Alan, Alan Chaney wrote: | Have you checked to see whether or not they are real requests - that is, | coming from the web. If they are there's nothing anyone on this list can | do... Not entirely. It's possible to write a throttling filter that might be able to reject some of these requests... the only question is if it is even useful to do in the first place. The processing and memory requirements might outweigh the benefits of rejecting the requests in the first place. Since all responses are 200 (success), you might just smile, say "hey, it's great that my web server can handle so many responses so fast with no errors" and sit back and relax. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgkzwIACgkQ9CaO5/Lv0PCewwCgoARLmKEmmkeXUpSqLG55jeuu Z+QAnRSVfn0fixB3yHLbUI0N4tgL8k8w =dujP -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@... To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Multiple Hits to same JSP
by Per Jonsson
::
Rate this Message:
Hi,
I hade a similar experience when I run the FireBug extention in FireFox. but there was not as many as 500 requests more like 20 under some circumstances. /Per Jonsson Christopher Schultz skrev: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Alan, > > Alan Chaney wrote: > | Have you checked to see whether or not they are real requests - that > is, > | coming from the web. If they are there's nothing anyone on this list > can > | do... > > Not entirely. It's possible to write a throttling filter that might be > able to reject some of these requests... the only question is if it is > even useful to do in the first place. The processing and memory > requirements might outweigh the benefits of rejecting the requests in > the first place. > > Since all responses are 200 (success), you might just smile, say "hey, > it's great that my web server can handle so many responses so fast with > no errors" and sit back and relax. > > - -chris > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkgkzwIACgkQ9CaO5/Lv0PCewwCgoARLmKEmmkeXUpSqLG55jeuu > Z+QAnRSVfn0fixB3yHLbUI0N4tgL8k8w > =dujP > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@... > To unsubscribe, e-mail: users-unsubscribe@... > For additional commands, e-mail: users-help@... > > --------------------------------------------------------------------- To start a new topic, e-mail: users@... To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
|
|
|
Re: Multiple Hits to same JSP
by Alan Chaney
::
Rate this Message:
If you have an apache server fronting this there are IP address
controlled rate-limiting plug-ins like: http://www.topology.org/src/bwshare/README.html and http://dominia.org/djao/limitipconn2.html I have no experience of either of these. HTH Sameer Naik wrote: > We just had one more incident today, 3000 hits total in 5 minutes! User agent in MSIE 7.0. We have a load balancer and 3 apache servers behind it. Since Apache is logging the request in access, for sure, it is not generating flood itself. Then the culprit could be load balancer hardware, user's buggy browser or some proxy server in between. > > From the access logs, the request seems to be coming from genuine users. User's are either closing there browsers (no hits for some period) or logging out and trying again. The same page works fine when they do that. > > We are analyzing logs to come up with a pattern w.r.t. user agent. > > We cannot pat ourselves for serving so many requests, because every such time, tomcat thread count (set to 100) maxes out (we get a page), each thread borrows DB connection from pool, DB cache size goes to 100 and due to a bug/feature in Oracle connection (round robin feature for checking out connection), each one never gets cleaned up. so that increases sessions on oracle database server. > > > > ================ > had a similar experience when I run the FireBug extension in FireFox. > but there was not as many as 500 requests more like 20 under some > circumstances. > /Per Jonsson > Christopher Schultz skrev: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > Alan, > Alan Chaney wrote: > | Have you checked to see whether or not they are real requests - that > is, > | coming from the web. If they are there's nothing anyone on this list > can > | do... > Not entirely. It's possible to write a throttling filter that might be > able to reject some of these requests... the only question is if it is > even useful to do in the first place. The processing and memory > requirements might outweigh the benefits of rejecting the requests in > the first place. > Since all responses are 200 (success), you might just smile, say "hey, > it's great that my web server can handle so many responses so fast with > no errors" and sit back and relax. > - -chris > > > ----- Original Message ---- > From: Sameer Naik <sameergn@...> > To: users@... > Sent: Friday, May 9, 2008 2:07:30 PM > Subject: Multiple Hits to same JSP > > > Hi, > > We are using Apache 2.0.53 + mod_jk 1.2.21 + tomcat 5.0.28 combination and seeing multiple hits to a single JSP file in quick succession, like 500 hits in a minute from same user ID and same IP address. Response code is 200 for all the requests. It is happening randomly from various user agents. Did anyone encounter such scenario? Can we log something in Apache logs to debug the issue? (We are already logging referrer, UA, byte range request values etc). > > Thanks, > Sameer > > ________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. > > > ____________________________________________________________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ > > !DSPAM:4828b47c210943033718476! > --------------------------------------------------------------------- To start a new topic, e-mail: users@... To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Multiple Hits to same JSP
by Pid-2
::
Rate this Message:
What are the hits actually for, the same page or separate pages?
Is the requestor hitting a page and then getting all of the associated images, scripts, css etc? How many extra files per page do you have on average? A client with caching turned off, or behind a badly configured proxy/cache could conceivably cause an avalanche of 'hits' if you have a lot of extra files per page. Examine at the request headers using RequestDumperValve - but be aware it will generate a *lot* of data. Alternatively, if you know the user id, email them and ask what they're playing at. p Sameer Naik wrote: > We just had one more incident today, 3000 hits total in 5 minutes! User agent in MSIE 7.0. We have a load balancer and 3 apache servers behind it. Since Apache is logging the request in access, for sure, it is not generating flood itself. Then the culprit could be load balancer hardware, user's buggy browser or some proxy server in between. > >>From the access logs, the request seems to be coming from genuine users. User's are either closing there browsers (no hits for some period) or logging out and trying again. The same page works fine when they do that. > > We are analyzing logs to come up with a pattern w.r.t. user agent. > > We cannot pat ourselves for serving so many requests, because every such time, tomcat thread count (set to 100) maxes out (we get a page), each thread borrows DB connection from pool, DB cache size goes to 100 and due to a bug/feature in Oracle connection (round robin feature for checking out connection), each one never gets cleaned up. so that increases sessions on oracle database server. > > > > ================ > had a similar experience when I run the FireBug extension in FireFox. > but there was not as many as 500 requests more like 20 under some > circumstances. > /Per Jonsson > Christopher Schultz skrev: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > Alan, > Alan Chaney wrote: > | Have you checked to see whether or not they are real requests - that > is, > | coming from the web. If they are there's nothing anyone on this list > can > | do... > Not entirely. It's possible to write a throttling filter that might be > able to reject some of these requests... the only question is if it is > even useful to do in the first place. The processing and memory > requirements might outweigh the benefits of rejecting the requests in > the first place. > Since all responses are 200 (success), you might just smile, say "hey, > it's great that my web server can handle so many responses so fast with > no errors" and sit back and relax. > - -chris > > > ----- Original Message ---- > From: Sameer Naik <sameergn@...> > To: users@... > Sent: Friday, May 9, 2008 2:07:30 PM > Subject: Multiple Hits to same JSP > > > Hi, > > We are using Apache 2.0.53 + mod_jk 1.2.21 + tomcat 5.0.28 combination and seeing multiple hits to a single JSP file in quick succession, like 500 hits in a minute from same user ID and same IP address. Response code is 200 for all the requests. It is happening randomly from various user agents. Did anyone encounter such scenario? Can we log something in Apache logs to debug the issue? (We are already logging referrer, UA, byte range request values etc). > > Thanks, > Sameer > > ________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. > > > ____________________________________________________________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ --------------------------------------------------------------------- To start a new topic, e-mail: users@... To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Multiple Hits to same JSP
by Christopher Schultz-2
::
Rate this Message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Sameer, Sameer Naik wrote: | due to a bug/feature in Oracle connection (round robin feature for | checking out connection), each one never gets cleaned up. That is a horrible problem. You can't re-use connections? I'd look at that before I tried to fix anything else. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgp6WYACgkQ9CaO5/Lv0PDeYgCgwUpfr9+L8aQQ4ZUUSbHYcTon 2QcAoL11W66WNtC5b8ubWxh4umerbPBp =t7i7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@... To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
Re: Multiple Hits to same JSP
by Johnny Kewl
::
Rate this Message:
--------------------------------------------------------------------------- HARBOR: http://coolharbor.100free.com/index.htm The most powerful application server on earth. The only real POJO Application Server. Making the Java dream come true. --------------------------------------------------------------------------- ----- Original Message ----- From: "Christopher Schultz" <chris@...> To: "Tomcat Users List" <users@...> Sent: Tuesday, May 13, 2008 9:17 PM Subject: Re: Multiple Hits to same JSP > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Sameer, > > Sameer Naik wrote: > | due to a bug/feature in Oracle connection (round robin feature for > | checking out connection), each one never gets cleaned up. > > That is a horrible problem. You can't re-use connections? I'd look at > that before I tried to fix anything else. > - -chris For sure, and this is a wild guess, but I was wondering if this JSP page that does the phantom 3000 hits in 5 mins doesnt have some AJAX or Javascript in it. It may be something really silly like.. var SendStuffToBrowser_flag; [More stuff ending in some Ajax call or auto form submit] And most of the time its assuming false; But just now and then it loads as true and fires away at the server. ie its just some javascript no init'd... something like that. Be nice to see the JSP page that causes this weird flood... > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkgp6WYACgkQ9CaO5/Lv0PDeYgCgwUpfr9+L8aQQ4ZUUSbHYcTon > 2QcAoL11W66WNtC5b8ubWxh4umerbPBp > =t7i7 > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@... > To unsubscribe, e-mail: users-unsubscribe@... > For additional commands, e-mail: users-help@... > > --------------------------------------------------------------------- To start a new topic, e-mail: users@... To unsubscribe, e-mail: users-unsubscribe@... For additional commands, e-mail: users-help@... |
|
|
|
| Free Forum Powered by Nabble | Forum Help |