Description of incident:
I notice in my MRTG panel that httpd processes have climbed to 800 ( our maximum ), but all other parameters are normal ( cpu, memory, traffic )
I immediately ran a nestat command ( netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
) to see which IPs were generating the most connections.
A single IP had opened 500 + connections.
We used iptables to ban the ip, everything went back to normal.
We use an apache module that limits the number of concurrent requests per IP. it has been tested so it works, but here it did not do anything. somehow, the limit was avoided.
Please help me tu understand how the limit was avoided.