[self-solved] Logs not showing connection limit reached

#1
Hello,

is it just me, or is Litespeed not logging "[x.x.x.x] Reached per client connection hard limit" anymore? I noticed that these lines are missing on several Litespeed setups, even if I increase the limit to 10 connections or less. Some of these setups are for websites under DDoS and fail2ban needs these logs to ban bots, as you know, and it doesn't ban any IP, no matter what limit I set.
 

webizen

#2
Please provide the following info so we can better understand your situation:
1. Your OS version
2. Your LSWS version
3. What are your current Per Client Throttle settings? You can paste here a screenshot of that section from your webadmin console.
4. When did the logging stop?
5. Can you recollect anything that happened around that time?
6. What is the current logging level? Is it always set to the current level?

Regards,

Webizen
 
#3
1.) centos-5-i386-hostinabox576 (CentOS Kernel 2.6.18-164.11.1.el5.028stab068.5)

2.) 4.0.17

3.) i56.tinypic*DOT*com/2a5kx2t*DOT*png

4.) About 5 days ago. I've only noticed it as the VPS got DDoS'd and crashed the whole node, 'cos fail2ban wasn't banning any IP.

5.) No, I can't. I experienced this problem on several VPSes, and fail2ban was working all the time before with a regex to read the connection limit reached lines from the Litespeed log. I thought of a silent LSWS update or something like this; it's a really strange and sudden problem.

6.) Of course I've already checked that, it's the default setting (Debug, None) and it always worked before like that.

fail2ban filter rules are:

Code:
failregex = \[<HOST>\] Reached per client connection hard limit: \d+, close connection!
            \[<HOST>\] is over per client soft connection limit: \d+ for

but none of these lines are logged by Litespeed anymore, even though the Webserver is under DDoS and the connection limits are very very low (see "3.)").
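
An offline check of the two failregex lines from post #3, added here as an example and not part of the original thread: it runs the filter over sample log lines to tell apart "the filter no longer matches" from "the server never wrote the line". The log lines are constructed (timestamp and level prefix are assumed), and the `HOST` pattern is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag.

```python
import re
from collections import Counter

# The two failregex lines from the filter posted above, unchanged.
FAILREGEX = [
    r"\[<HOST>\] Reached per client connection hard limit: \d+, close connection!",
    r"\[<HOST>\] is over per client soft connection limit: \d+ for",
]

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only); an assumption
# of this example, the real tag also accepts hostnames and IPv6.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
COMPILED = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

# Constructed log lines: timestamp and level prefix are assumed, the message
# text follows the filter. Addresses are from documentation ranges.
SAMPLE_LOG = """\
2011-06-01 10:00:01.101 [NOTICE] [192.0.2.10] Reached per client connection hard limit: 10, close connection!
2011-06-01 10:00:01.350 [NOTICE] [192.0.2.10] Reached per client connection hard limit: 10, close connection!
2011-06-01 10:00:02.007 [INFO] [198.51.100.7] is over per client soft connection limit: 5 for 12 seconds
2011-06-01 10:00:02.500 [INFO] [203.0.113.4] unrelated constructed message
2011-06-01 10:00:03.000 [NOTICE] Loading configuration
"""

def scan(log_text):
    """Return (hits per host, lines that matched no failregex)."""
    hits, unmatched = Counter(), []
    for line in log_text.splitlines():
        for rx in COMPILED:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break
        else:
            unmatched.append(line)
    return hits, unmatched

def diagnose(log_text):
    """Separate 'filter is broken' from 'server never wrote the line'."""
    hits, _ = scan(log_text)
    if hits:
        return "filter matches: check jail logpath, findtime and maxretry"
    if "per client" in log_text:
        return "limit messages present but failregex misses them: fix the filter"
    return "no limit messages in the log: the problem is on the server side"

if __name__ == "__main__":
    hits, _ = scan(SAMPLE_LOG)
    print(dict(hits), "->", diagnose(SAMPLE_LOG))
```

fail2ban's own `fail2ban-regex` tool performs the same kind of check against the real log and filter files.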
 

webizen

#4
An upgrade will not happen unless you click the upgrade link in the version manager or run 'install.sh' again and choose the 'Upgrade' option. The point is that an upgrade would not happen silently.

You can run a tool like ab (Apache Benchmarking tool) to hit the connection limit and see if LSWS logs the IP (also make sure new requests do get logged in LSWS).
 