HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Number of TCP connections

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#67651 (In Topic #14415)
Avatar

Well-settled

Ok, so… I don't know why but I had a hard time getting this editor to load up. Maybe its related to the problem I am having somehow. I am not really sure. Sorry if this is mentioned somewhere already but I couldn't find it.

The issue is that there are too many TCP connections being made from ocPortal. I get a message from my firewall like this:
Time:        Tue Mar 22 03:59:58 2011 -0400
IP:          x.x.x.x (XX/Xxxxxx/x-x-x-x.sub.domain.tld)
Connections: 307
Blocked:     Temporary Block (IP match in csf.allow, block may not work)

Connections:
tcp: x.x.x.x:39640 -> y.y.y.y:80 (TIME_WAIT)
tcp: x.x.x.x:39641 -> y.y.y.y:80 (TIME_WAIT)
tcp: x.x.x.x:39642 -> y.y.y.y:80 (TIME_WAIT)
tcp: x.x.x.x:39643 -> y.y.y.y:80 (TIME_WAIT)
tcp: x.x.x.x:39644 -> y.y.y.y:80 (TIME_WAIT)
tcp: x.x.x.x:39645 -> y.y.y.y:80 (TIME_WAIT)
tcp: x.x.x.x:39646 -> y.y.y.y:80 (TIME_WAIT)
tcp: x.x.x.x:39647 -> y.y.y.y:80 (TIME_WAIT)
 
And it goes on to list all 307 connections. x.x.x.x is my IP and y.y.y.y is my servers IP. If my IP wasn't on the firewalls whitelist I would have been banned from the server just by using ocPortal. I am not sure what the cause of this is exactly, or how to fix it but it doesn't happen with any other software. I don't imagine its a good thing or that it will be too hard to track down since it's making so many connections. Maybe it's when browsing the admin zone? Maybe it's the chat? I can't say exactly but I am using CSF for my firewall and it will block people who try to access an ocportal install. I don't believe I had this problem with previous versions before 6. I know it was ocPortal that caused it because I was setting up ocPortal when I got this message from my firewall.

Looking pretty good :)  Thank you!
Back to the top
 
Posted
Rating:
#67652
Avatar

Hi,

It shouldn't be possible for ocPortal to do this even if there were bugs, because web browsers impose a connection limit – only a certain number of URLs may be downloaded simultaneously.

Ignoring this, if something was going to cause problems I'd say the site-wide-IM option, or someone sitting in the chat room.

If you have control over the server enable ExtendedStatus of Apache's mod_status module, give yourself permissions to it and see the list of active requests.
Apache server view performance status with mod_status configuration


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#67665
Avatar

Well-settled

Hey Chris,

OK, gotcha. So then by the sounds of it something else must have caused it then. I did that server-status thing but I haven't seen any problems. I don't know how to reproduce it so maybe it was something else. I don't know. I don't mean to blame ocPortal or something evil like that but I just was using it at the time so figured that is what it was and thought I should mention it. But obviously it wasn't ocPortal then by the sounds of things. So I guess I can just forget about it for now. It has happened 2 times so far but I can't find anything in any Apache logs about it anywhere on any site on the server. So maybe its even an SVN or something… time will tell I suppose.

On a side note, I just upgraded the site in question to 6.0.1 and didn't seem to have any troubles with the firewall there either. Except for that there is a rather large number of files listed under the integrity scanner under the 2nd and 3rd sections for some reason saying I have missing and outdated files, which doesn't make much sense to me since I just upgraded. Maybe I have to download the full install and reinstall?

Anyway, really awesome stuff! I am slowly converting many of my sites to ocPortal. I am planning to also do my main site, slowly but surely, which gets between 500-5000 unique visits a day. So it will be neat to see how that works out! New themes will definitely come from all of this (and an upgraded one if its even necessary). Thanks for all your hard work!
Back to the top
 
Posted
Rating:
#67672
Avatar

which doesn't make much sense to me since I just upgraded. Maybe I have to download the full install and reinstall?

If a version was skipped without the upgrades going back far enough to account for it it could cause that. I'd try generating an upload TAR for 6.0.0 beta1 to 6.0.1 and upgrading from that.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#67717
Avatar

Well-settled

Fair enough. I will see if that helps. Thanks =)
Back to the top
 
Posted
Rating:
#68661
Avatar

Well-settled

Hi Chris,

Sorry to bring up this somewhat old topic but I believe I have discovered what the problem is here.

I had this happen again when I was upgrading my ocPortal sites which I am building slowly and this time I quickly analyzed the Apache access log files.

What happened is that I simply browsed to various pages too quickly which contain many requests to images, js, css files, etc. and within a 1 minute period of casually clicking the links it actually made over 750 request to the server.

It seems many of them were in the admin zone. So I have no set the connection limit higher which should still help prevent attacks and get past these issues hopefully.

However, perhaps there should be some sort of built in option which we could set or disable which could limit the time between page requests so this sort of thing doesn't happen to other people?

I know you say the browser should have limitations but clearly it doesn't limit it enough. I am using the Linux version of Firefox 4 but I used to have this happen with Firefox 3 as well.

Just thought I would let you know =)

Ryan
Back to the top
 
Posted
Rating:
#68667
Avatar

Thanks for explaining. I don't think there's anything we can do at the ocPortal level. I think Apache has ways to configure this. If it's images etc it is not going through ocPortal at the request/response points anyway.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#68670
Avatar

Well-settled

Hmm, is it possible to make an addon which reads all of the images and turns them into a single image, and compress those and all the CSS and JS files before output? Then it would make far fewer requests at once from a single connection.
Back to the top
 
Posted
Rating:
#68671
Avatar

No, <img> tags work off a full image, they don't do offsets.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: