| View previous topic :: View next topic |
| Author |
Message |
mjpiekarski
n00b
Joined: 01 Sep 2008
Posts: 1
|
 Posted: Tue Dec 16, 2008 6:06 am Post subject: Hmm |
 |
|
Okay, I totally understand what you guys want to accomplish I just think you are doing it weird.
You can do this with hashlimit tables or at least take connection STATES into account. Like, Okay... why not limit to 8-10 NEW connections and then up it to like 25 or so ESTABLISHED,RELATED. Its doable with a rule (syntax might not be entirely accurate):
| Code: |
# Rule to allow 10 new connections / min by unique IP
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -m hashlimit --hashlimit-mode srcip --hashlimit 8/min --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name http_new -j ACCEPT
# Rule to drop any other NEW connections to those ports
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j DROP
# Rule to allow 20-25 ESTABLISHED/RELATED connections per second
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m state --state ESTABLISHED,RELATED -m hashlimit --hashlimit-mode srcip --hashlimit 20/sec --hashlimit-burst 25 --hashlimit-name http_estab -j ACCEPT
# Rule to drop connections over 25 / sec
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m state --state ESTABLISHED,RELATED -j DROP
# Rule to drop invalid connections
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m state --state INVALID -j DROP
|
I also suggest lowering your tcp_fin_timeout which may also help with the half-opens if you are getting syn floods. For MySQL, totally increase the query cache size which will help with the strain and time that it takes for connections to complete, as it will cache frequent queries. Good stuff.
This is just a suggestion... But I think it might be a better solution than the current lmiitation set in place. |
|
| Back to top |
|
 |
rdavl
n00b
Joined: 25 Jan 2006
Posts: 52
|
| Posted: Wed Dec 24, 2008 4:59 pm Post subject: Re: Too many connections. Please try again later. |
|
|
| klieber wrote: | | This forum has always put the best interests of the community above the (selfish) desires of a few individuals and we will continue to do so. |
@klieber, tomk
AFAIK default for network.http.max-connections-per-server in firefox3 is 15 so what you are saying is that only few (selfish) individuals use firefox3 or that every user that wants to access Gentoo forums need to tweak their browser?
This is not in the best interest of the community IMHO OFC.
_________________
"Meow" means "woof" in cat. |
|
| Back to top |
|
|
blandoon
Tux's lil' helper
Joined: 05 Apr 2004
Posts: 136
Location: Oregon, USA
|
| Posted: Fri Dec 26, 2008 10:38 pm Post subject: |
|
|
I suddenly started seeing this message on about 80% of page loads, just within the past 5-10 days (despite using Firefox 3 for months). In about:config I found all the network.http settings set to the defaults, except:
| Code: | | network.http.max-persistent-connections-per-server = 18 |
I've never installed Fasterfox or anything else that I'd expect to change this. I set it back to the default (6) and I've seen no problems so far, but after only about 15 minutes of testing... we'll see how it goes.
Having said that, there seem to be a lot of people reporting problems with this even when using default settings - probably because it's affected by a lot of factors that the end user cannot control, such as corporate network configurations. People in this thread have offered lots of very useful constructive feedback, and it would be very disappointing if nobody with the power to do so ever steps up and fixes this.
_________________
"Give a man a fire and he's warm for one night, but set fire to him and he's warm for the rest of his life..." |
|
| Back to top |
|
|
rahulthewall
Veteran
Joined: 01 Nov 2007
Posts: 1264
Location: Zürich
|
| Posted: Sat Jan 24, 2009 9:02 am Post subject: "Too many connections - please try again later" |
|
|
I have been getting that message too many times - do not know what is wrong - but it is getting impossible for me to use the forums because of this problem. Any ideas?
_________________
Who shall guard the guards? |
|
| Back to top |
|
|
Earthwings
Administrator
Joined: 14 Apr 2003
Posts: 7731
Location: Karlsruhe, Germany
|
| Posted: Sat Jan 24, 2009 9:34 am Post subject: |
|
|
Merged above. Check your browser settings (plugins, number of connections). Just got the same error dozens of times already today, which I think is caused by firefox plugins here (or rather a stupid setting on the forums server, but I gave up ranting about it).
_________________
KDE 4.8 - Get It While It's Hot! |
|
| Back to top |
|
|
rahulthewall
Veteran
Joined: 01 Nov 2007
Posts: 1264
Location: Zürich
|
| Posted: Sat Jan 24, 2009 9:48 am Post subject: |
|
|
| Code: |
network.http.max-persistent-connections-per-server
|
This was somehow set to 42 - no idea how and why - changed it to 10, let's see how it goes. After 5 minutes of testing it is fine! 
P.S. Oh and thanks for the quick merge - I guess I should have searched first. 
_________________
Who shall guard the guards? |
|
| Back to top |
|
|
energyman76b
Advocate
Joined: 26 Mar 2003
Posts: 2009
Location: Germany
|
| Posted: Sat Jan 24, 2009 4:26 pm Post subject: |
|
|
since the powers that could change this idiocy don't listen - who can we turn to? council? trustees? Or have some people god like power and can not be forced to change idiotic settings? And how do we get google back?
_________________
| AidanJT wrote: |
...because pro-lifers (especially the catholic variety) are sick, depraved, satanic ....
|
...'people' - had to clean it up to not be offensive...
"The secret of politics? Make a good treaty with Russia." |
|
| Back to top |
|
|
desultory
Administrator
Joined: 04 Nov 2005
Posts: 7059
|
| Posted: Sun Jan 25, 2009 8:55 am Post subject: |
|
|
| energyman76b wrote: | | since the powers that could change this idiocy don't listen - who can we turn to? council? trustees? |
Launching some kind of inquest into why someone is busy is bureaucratic work wasting at its most useless, matched only by the futility of demanding that they become less busy without in any way reducing their workload. Besides, this should be going away when the forums are next upgraded, in addition to lifting the restrictions on specific search engine crawlers.
| energyman76b wrote: | | Or have some people god like power and can not be forced to change idiotic settings? |
They have a fearful power, they are busy with things which bear a higher priority. Please let them, and us, ready a solution to be deployed without needing to constantly field complaints.
| energyman76b wrote: | | And how do we get google back? |
Simple, you wait, it will happen. However additional complaints will do nothing to hasten that occurrence, if anything they induce further delays, these are known problems and fixes are coming. |
|
| Back to top |
|
|
devsk
Advocate
Joined: 24 Oct 2003
Posts: 2632
Location: Bay Area, CA
|
| Posted: Wed Jan 28, 2009 8:44 am Post subject: |
|
|
| desultory wrote: | | these are known problems and fixes are coming. |
I am so glad you said that. What took you so long? |
|
| Back to top |
|
|
octoploid
n00b
Joined: 21 Oct 2006
Posts: 65
|
| Posted: Sun Apr 05, 2009 10:45 am Post subject: |
|
|
Can someone please fix this crap ASAP?
This forum is the only website that complains about the number of concurrent connections.
It's a choice of the user and no I don't need no hand-holding from some over ambitious forum
admin telling me how I should configure my browser.
_________________
Myself and mine gymnastic ever |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5213
|
| Posted: Sun Apr 05, 2009 8:33 pm Post subject: |
|
|
| octoploid wrote: | Can someone please fix this crap ASAP?
This forum is the only website that complains about the number of concurrent connections.
It's a choice of the user and no I don't need no hand-holding from some over ambitious forum
admin telling me how I should configure my browser. |
i was going to type up some long spiel about the current FGO situation, but to be honest it hasn't changed one iota since the last time i mentioned it...
so here: http://forums.gentoo.org/viewtopic-p-5592836.html#5592836
_________________
goodbye fgo. it was nice knowing you. |
|
| Back to top |
|
|
pilla
Administrator
Joined: 07 Aug 2002
Posts: 7184
Location: Pelotas, BR
|
| Posted: Sun Apr 05, 2009 11:53 pm Post subject: |
|
|
| octoploid wrote: | Can someone please fix this crap ASAP?
This forum is the only website that complains about the number of concurrent connections.
It's a choice of the user and no I don't need no hand-holding from some over ambitious forum
admin telling me how I should configure my browser. |
It's your choice to configure your browser to suit your requirements, and it's our choice to configure the forums to suit our constraints. I don't see why your choices should be more important than ours.
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
|
energyman76b
Advocate
Joined: 26 Mar 2003
Posts: 2009
Location: Germany
|
| Posted: Sun Apr 05, 2009 11:57 pm Post subject: |
|
|
oh yeah, when the forums are the only site out of thousand, millions, which has problems, the users settings are the culprit...
_________________
| AidanJT wrote: |
...because pro-lifers (especially the catholic variety) are sick, depraved, satanic ....
|
...'people' - had to clean it up to not be offensive...
"The secret of politics? Make a good treaty with Russia." |
|
| Back to top |
|
|
desultory
Administrator
Joined: 04 Nov 2005
Posts: 7059
|
| Posted: Mon Apr 06, 2009 12:22 am Post subject: |
|
|
As has been repeatedly stated, none of the available forum staff have adequate access to make such changes. None of the moderators. None of the administrators. I have no reason to suspect this will change any time soon.
This topic serves no purpose beyond venting at those who happen to be the most convenient targets for those who have not bothered to inform themselves. |
|
| Back to top |
|
|
energyman76b
Advocate
Joined: 26 Mar 2003
Posts: 2009
Location: Germany
|
| Posted: Mon Apr 06, 2009 12:26 am Post subject: |
|
|
well - they once were able to make the change - as shown in tomk's posting - the outcry started at that moment and has been ignored since then.
_________________
| AidanJT wrote: |
...because pro-lifers (especially the catholic variety) are sick, depraved, satanic ....
|
...'people' - had to clean it up to not be offensive...
"The secret of politics? Make a good treaty with Russia." |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5213
|
| Posted: Mon Apr 06, 2009 12:30 am Post subject: |
|
|
| energyman76b wrote: | | well - they once were able to make the change - as shown in tomk's posting - the outcry started at that moment and has been ignored since then. |
well, times change, and people disappear. and you can't blame us for not trying... we just don't have the means to get things done around here. 
| desultory wrote: | none of the available forum staff have adequate access to make such changes. None of the moderators. None of the administrators. I have no reason to suspect this will change any time soon.
|
_________________
goodbye fgo. it was nice knowing you. |
|
| Back to top |
|
|
desultory
Administrator
Joined: 04 Nov 2005
Posts: 7059
|
| Posted: Mon Apr 06, 2009 12:39 am Post subject: |
|
|
| energyman76b wrote: | | well - they once were able to make the change |
Are they available? No, they either retired from the forums or have not been around for months.
| energyman76b wrote: | | - as shown in tomk's posting |
When was the last time he was around? December, in passing.
| energyman76b wrote: | | - the outcry started at that moment and has been ignored since then. |
Which account do you use to participate in the internal discussions of this and other related problems? Either you have managed to successfully hijack one or more staff accounts to the point where your postings and your writing on IRC are indistinguishable from theirs or you do not take part in those discussions, either way you have no basis for claiming that this has been ignored, quite the opposite. |
|
| Back to top |
|
|
pilla
Administrator
Joined: 07 Aug 2002
Posts: 7184
Location: Pelotas, BR
|
| Posted: Mon Apr 06, 2009 12:40 am Post subject: |
|
|
Locked.
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
|
desultory
Administrator
Joined: 04 Nov 2005
Posts: 7059
|
| Posted: Thu May 28, 2009 7:34 am Post subject: |
|
|
Unlocked as this seems the most logical place to post an update regarding the problems with the rate limiting.
The rate limiting configuration has been modified to address the concerns raised in this topic, it should not affect regular browsing anymore, not that it was intended to previously. If it does please post to this topic, and include a description of how the problem was encountered.
Edit: It seems some further tweaking may be in order, updates will be posted as they are available.
Further edit: The aforementioned tweaking has been done and it appears to be functioning properly. |
|
| Back to top |
|
|
|
Gentoo Forums Feedback
