Ubuntu

Why does Apache create so many internal dummy connections? CPU usage problems affecting server performance

  • December 10, 2019

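Trying to resolve some CPU usage issues and investigate possible malicious activity. As part of that, I am curious about the many dummy connections in the Apache logs. What is the origin of these, and why are there so many?

We run many PHP/MySQL web applications. I noticed that during a very high CPU spike (up to 100% usage), top showed that Apache had created loads of www-data processes, which I assume are PHP scripts being hit.

Are the dummy connections a symptom of the problem or part of the cause? What else can I look at?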

/var/log/apache2/access.log

::1 - - [09/Dec/2019:14:42:32 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:33 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:34 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:35 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:36 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:37 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:38 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:39 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:40 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:46 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:53 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:54 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:55 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:57 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:58 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:42:59 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:00 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:01 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:02 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:03 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:04 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:05 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:06 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:12 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:13 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:14 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:15 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:16 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:17 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:22 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:23 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:27 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:34 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:38 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:39 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:40 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:41 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:42 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:43 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:44 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:45 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:46 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:47 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:48 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:49 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:50 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:51 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:52 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:53 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:43:57 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:00 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:03 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:04 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:05 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
::1 - - [09/Dec/2019:14:44:06 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"

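From the Apache documentation:

When the Apache HTTP Server manages its child processes, it needs a way to wake up processes that are listening for new connections. To do this, it sends a simple HTTP request back to itself. This request will appear in the access_log file with the remote address set to the loopback interface (typically 127.0.0.1, or ::1 if IPv6 is configured). If you log the User-Agent string (as in the combined log format), you will see the server signature followed by "(internal dummy connection)" on non-SSL servers. During certain periods you may see up to one such request for each httpd child process.

These requests are perfectly normal and you do not need to worry about them. They can simply be ignored.

You can use .htaccess to redirect requests from the "internal dummy connection" to an empty file: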

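RewriteEngine on
# Quote the pattern: unquoted spaces are parsed as extra RewriteCond arguments
RewriteCond %{HTTP_USER_AGENT} "internal dummy connection" [NC]
# /? matches in server and .htaccess context (the leading slash is stripped there)
RewriteRule ^/?$ /empty.html [L]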

Source: https://serverfault.com/questions/995017
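Added example, not part of the original question, answer or Apache's documentation: a log triage helper that separates genuine wake-up requests (marker in the User-Agent and a loopback source, as the quoted documentation describes) from real client traffic, and flags any non-loopback host that sends the same marker. It assumes the combined log format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
LOOPBACK = {"127.0.0.1", "::1"}
MARKER = "(internal dummy connection)"

def classify(line):
    """Return (kind, minute, host); kind is dummy, spoofed, real or unparsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed", "", ""
    minute = m["ts"][:17]  # "09/Dec/2019:14:42:32 +0000" -> "09/Dec/2019:14:42"
    if MARKER not in m["ua"]:
        kind = "real"
    else:
        # Apache sends the wake-up request to itself, so the source is loopback.
        kind = "dummy" if m["host"] in LOOPBACK else "spoofed"
    return kind, minute, m["host"]

def summarize(lines):
    """Per-minute counts by kind, hosts borrowing the marker, real-client totals."""
    per_minute, real_hosts, spoofers = Counter(), Counter(), set()
    for line in lines:
        kind, minute, host = classify(line)
        per_minute[(minute, kind)] += 1
        if kind == "real":
            real_hosts[host] += 1
        elif kind == "spoofed":
            spoofers.add(host)
    return per_minute, spoofers, real_hosts

# Constructed sample lines; 203.0.113.7 and 198.51.100.9 are documentation
# addresses and the request paths are made up.
_UA = "Apache/2.4.37 (Ubuntu) OpenSSL/1.1.1a (internal dummy connection)"
SAMPLE = [
    f'::1 - - [09/Dec/2019:14:42:32 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "{_UA}"',
    f'::1 - - [09/Dec/2019:14:42:33 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "{_UA}"',
    '203.0.113.7 - - [09/Dec/2019:14:42:33 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Dec/2019:14:42:34 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [09/Dec/2019:14:43:01 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "{_UA}"',
]

if __name__ == "__main__":
    per_minute, spoofers, real_hosts = summarize(SAMPLE)
    for (minute, kind), n in sorted(per_minute.items()):
        print(minute, kind, n)
    print("marker from non-loopback:", sorted(spoofers))
    print("busiest real clients:", real_hosts.most_common(3))
```

On a real server, pass the open access log to `summarize`; the per-minute "real" counts and the busiest clients are the figures to line up against the CPU spike, since the dummy requests only track child-process management.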