Number of http connections client vs server, how to count?

postcd

New Member
Hello,

I can use tools like https://tools.pingdom.com, http://gtmetrix.com, or the Firefox/Chrome developer console to count the number of HTTP port 80/443 requests, but I want to ask if this matches / is the same as the number of network connections that the web server accepts using netfilter/iptables (firewall, or a network interface) in relation to that particular web page load.

I know there is keep-alive, Cloudflare, nginx proxy and such. How can I count the real number of connections that iptables/firewall accepts regarding one particular web page load? I can also see the number of GET requests in access_log, but again, I am unsure if this is accurate with netfilter connections.

I am on Linux CentOS 6 and using Apache PHP, suPHP, Keep-alive, gzip compression

(My aim is to find right value for the config server firewall PORTFLOOD option)

Thank You
 


Lazydog

Member
I think the real question is how many concurrent connections can your server handle at any single point in time? Once you know this, you then want to decide how many of those concurrent connections you want to allow a single IP address to consume. I say this because I can configure my web browser to make 32 connections at one time per request. So now I'm using 32 of the allotted connections that you can handle. It is a balancing act when you want to start limiting connections: how much can you limit before you cause issues for your users?
 

postcd

New Member
I think the real question is how many concurrent connections can your server handle at any single point in time?
Max Clients [?]
This directive sets the limit on the number of simultaneous requests that will be served. This interface allows up to the value of the ServerLimit setting.
I have it set to 200 now and usually 20 is used when I check httpd full status: service httpd fullstatus | grep "HTTP/1.1" | wc -l
 

Lazydog

Member
Here is my opinion and everyone's is going to differ.

If you are not experiencing issues at this time I would not worry about limiting the amount of connections. I would keep an eye on it and even take stats at different times of the day to get a good idea of usage and see when the system is getting used most often. Once you have this you can then make a better decision on what and/or what limitation you need to put in place.

If you want to see what is connected right now you could use 'conntrack -L'; it'll show you all the connections. Using grep you can limit the output to only what you want to see.
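
Added example, not part of the thread: browser tools and access_log count HTTP requests, while netfilter tracks TCP connections, and with keep-alive one connection can carry several requests. The sketch below counts tracked connections to ports 80/443 per client IP from `conntrack -L` style output; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Count tracked TCP connections to ports 80/443 per client IP.
# Reads `conntrack -L` style lines on stdin.
# Prints "<count> <client-ip>", busiest client first.
count_web_conns() {
    awk '
        $1 == "tcp" {
            src = ""; dport = ""
            # The first src=/dport= pair on a line is the original direction
            # (client -> server); the second pair is the reply direction.
            for (i = 1; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/)     src = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (dport == "80" || dport == "443") n[src]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in conntrack -L format (documentation IP ranges only).
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=203.0.113.10 dst=192.0.2.5 sport=51514 dport=443 src=192.0.2.5 dst=203.0.113.10 sport=443 dport=51514 [ASSURED] mark=0 use=1
tcp      6 431992 ESTABLISHED src=203.0.113.10 dst=192.0.2.5 sport=51516 dport=443 src=192.0.2.5 dst=203.0.113.10 sport=443 dport=51516 [ASSURED] mark=0 use=1
tcp      6 97 TIME_WAIT src=203.0.113.10 dst=192.0.2.5 sport=51490 dport=80 src=192.0.2.5 dst=203.0.113.10 sport=80 dport=51490 [ASSURED] mark=0 use=1
tcp      6 431800 ESTABLISHED src=198.51.100.7 dst=192.0.2.5 sport=40212 dport=80 src=192.0.2.5 dst=198.51.100.7 sport=80 dport=40212 [ASSURED] mark=0 use=1
tcp      6 431700 ESTABLISHED src=198.51.100.7 dst=192.0.2.5 sport=40300 dport=22 src=192.0.2.5 dst=198.51.100.7 sport=22 dport=40300 [ASSURED] mark=0 use=1
udp      17 25 src=198.51.100.7 dst=192.0.2.5 sport=40000 dport=53 [UNREPLIED] src=192.0.2.5 dst=198.51.100.7 sport=53 dport=40000 mark=0 use=1
EOF
}

# Live use (as root): conntrack -L 2>/dev/null | count_web_conns
sample_conntrack | count_web_conns
```

Running the live form right after loading one page from a known client IP shows how many connections that page load opened, which can be compared with the request count from the browser tools or access_log.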
 

