We are having an issue at one of our customer sites where Tripwire is flagging events when more than 1000 HTTP connections are being individually created from different IP addresses within a span of one minute. We have turned on keep-alive( 10 secs) on our web server (Apache on Linux). We did some network capturing and noticed that while the keep-alive timeout is being honored, it may still be creating multiple connections for the requests.
Does anyone know why all these HTTP connections are being created? Any help will be appreciated.
EDITED: To avoid confusion