Sometimes a web server responds very slowly because of too many concurrent connections to Apache. Each web server has a different Apache configuration depending on its hardware (processor and RAM). The maximum number of concurrent Apache connections can be configured with the ServerLimit directive in the apache2.conf file. Once this limit is exceeded, new Apache connections go into a queue, so the web server responds very slowly.
Not every Apache connection is a real user. Some are search engine spiders such as googlebot and yahoobot, and some are bad bots (website scraping bots, brute-force bots). These bad bots make many concurrent connections to Apache from the same IP address.
In this article I will explain how to find the number of concurrent Apache connections by IP. To do this we will use the Linux netstat command. Netstat is a command-line utility that displays TCP/IP connection statistics. Most Linux distributions have the netstat command preinstalled.
Get number of concurrent Apache connections
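To find the total number of concurrent connections to Apache, run the following command:
netstat -ntu | awk '$4 ~ /:(80|443)$/' | wc -l
The above command shows the number of concurrent Apache http/https connections. The awk filter matches the port at the end of the local address column, so other ports that merely begin with 80 (such as 8080) and the server's own outgoing connections to remote web servers are not counted.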
List Apache connections by IP, sorted by concurrency
To list Apache http/https connections by IP address and sort them by their concurrency, use the following command:
netstat -ntu | awk '$4 ~ /:(80|443)$/ && $6 ~ /^ESTAB/ {sub(/:[0-9]+$/, "", $5); print $5}' | sort | uniq -c | sort -nr
As we can see, the above command shows the number of established connections per IP address. Only the trailing port is stripped from the remote address, so IPv6 addresses are kept whole. We can now easily find the IPs with the most connections and check via an IP whois lookup whether each one is a real user, a search bot or a bad bot, and then block all bad bots with the Linux firewall.
In the same way we can also find bad bots connecting to other services such as FTP (port 21), SSH (port 22), MySQL (port 3306) etc. We just have to replace the port number in the above command.
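The per-IP count and the port substitution described above can be wrapped in one reusable function that reports only the IPs at or above a connection threshold. This is an added example, not part of the original article; the function names heavy_hitters and sample_netstat are hypothetical, and the sample netstat output is constructed from documentation address ranges.

```shell
# Constructed sample in `netstat -ntu` format (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51235       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.7:51236       ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.22:40112     ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.22:40113     TIME_WAIT
tcp        0      0 192.0.2.10:8080         198.51.100.99:40200     ESTABLISHED
tcp        0      0 192.0.2.10:45000        198.51.100.50:443       ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::bad:50001     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::bad:50002     ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51237 ESTABLISHED
EOF
}

# heavy_hitters PORTS THRESHOLD   (reads netstat output on stdin)
# PORTS is a "|"-separated list of local ports, e.g. "80|443" or "22".
# Prints "count ip" for every remote IP with at least THRESHOLD
# ESTABLISHED TCP connections to those ports, busiest first.
heavy_hitters() {
  awk -v ports="$1" -v min="$2" '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $4 ~ (":(" ports ")$") {
      ip = $5
      sub(/:[0-9]+$/, "", ip)   # drop the remote port, keep IPv6 colons
      sub(/^::ffff:/, "", ip)   # fold IPv4-mapped IPv6 into plain IPv4
      n[ip]++
    }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Live use on a server: netstat -ntu | heavy_hitters "80|443" 20
# Offline demonstration on the constructed sample:
sample_netstat | heavy_hitters "80|443" 2
```

Folding the ::ffff: prefix matters on dual-stack listeners, where the same IPv4 client can otherwise appear under two different spellings and stay below the threshold.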