[ale] apache question.. slightly OT

greg at turnstep.com greg at turnstep.com
Mon Sep 10 21:10:14 EDT 2001




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The Web site is behind a corporate firewall.  I get about
> 1500 hits a day.... not much. If I keep adding subnets to the
> allow from in the apache httpd.conf file, at what point will
> apache complain that there are too many?  10?, 15? 20? 

One data point I can give you is that I have had 443 entries 
in a deny table before with no noticeable performance hit. 
I don't think 20 or even 100 will be a problem. As far as a 
limit before apache complains, I don't think there is one 
to really speak of. From looking at the source (nice to be 
able to do that!) it appears that the access list is stuck into 
a linked list. So this gets loaded into memory at startup 
time and then searched each time (doesn't seem to be 
optimized though, although I could be wrong*) The only 
limit there is is running out of memory (not likely as we're 
storing IP numbers here, not works of Shakespeare) or running 
up against the value of "int" on your machine. Which should be 
more than enough. :) For those interested, take a look at 
src/modules/standard/mod_access.c to check out where apache 
actually creates and checks the access/deny lists.

* I suppose the optimization could be said to be left to the 
writer of the httpd.conf file, by arranging the most commonly 
used IPs first, so it will be found quicker during the linked 
list traversal.

The bottom line is, I would not worry about it until you hit 
perhaps a 1000 entries. I'd test with 'ab' and see if it mattered 
then - I suspect not. One small suggestion I can give is to make 
each IP its own Allow line, just so the httpd.conf file 
is easier to maintain.


Greg Sabino Mullane
greg at turnstep.com
PGP Key: 0x14964AC8 200109102101

-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html

iQA/AwUBO51j7LybkGcUlkrIEQJGPQCfZQGtyZEynGcftLYz2Q9XY4O5hhwAniLi
szNkfIZJDX6guUuhE40mWyJt
=Dmff
-----END PGP SIGNATURE-----
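
An added example, not part of the original message and not code from mod_access.c: a first-match linear scan over allow entries, showing that the lookup cost is simply the position of the entry that matches. The struct, the function names and the sample subnets are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical entry type: one "Allow from a.b.c.d/len" line. */
struct allow_entry { uint32_t net, mask; };

/* Constructed sample subnets, one per Allow line. */
static const char *const SAMPLE_ALLOW[] = {
    "10.1.0.0/16", "10.20.5.0/24", "192.168.7.0/24"
};

/* Parse "a.b.c.d" or "a.b.c.d/len" (len defaults to 32). 0 on success. */
static int parse_cidr(const char *s, struct allow_entry *e)
{
    unsigned a, b, c, d, len = 32;
    int n = sscanf(s, "%u.%u.%u.%u/%u", &a, &b, &c, &d, &len);
    if (n < 4 || a > 255 || b > 255 || c > 255 || d > 255 || len > 32)
        return -1;
    e->mask = len ? 0xFFFFFFFFu << (32 - len) : 0; /* avoid shift by 32 */
    e->net = ((a << 24) | (b << 16) | (c << 8) | d) & e->mask;
    return 0;
}

/* Walk the entries in order. Returns the 1-based position of the first
 * entry covering ip (also the number of comparisons spent), 0 if none. */
static int first_match(const struct allow_entry *list, int count, uint32_t ip)
{
    for (int i = 0; i < count; i++)
        if ((ip & list[i].mask) == list[i].net)
            return i + 1;
    return 0;
}

/* Check a dotted-quad client against config lines; -1 on malformed input. */
int check_client(const char *const *lines, int count, const char *client)
{
    struct allow_entry list[64], ip;
    if (count > 64 || parse_cidr(client, &ip) != 0)
        return -1;
    for (int i = 0; i < count; i++)
        if (parse_cidr(lines[i], &list[i]) != 0)
            return -1; /* reject the whole list on one bad entry */
    return first_match(list, count, ip.net);
}

int main(void)
{
    printf("10.20.5.9  -> entry %d\n", check_client(SAMPLE_ALLOW, 3, "10.20.5.9"));
    printf("172.16.0.1 -> entry %d\n", check_client(SAMPLE_ALLOW, 3, "172.16.0.1"));
    return 0;
}
```

A client that matches nothing pays for the full scan, so in a default-deny setup the worst case is the unlisted address, not the last listed one.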
