IIS:Timer_ConnectionIdle、Timer_MinBytesPerSecond、C
當(dāng)前位置:點(diǎn)晴教程→知識(shí)管理交流
→『 技術(shù)文檔交流 』
2009-11-16 13:20:45 222.212.232.231 2314 210.24.89.23 80 - - - - - Timer_ConnectionIdle -
2009-11-16 13:20:45 58.219.136.27 1504 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:20:45 218.22.24.182 40519 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:20:50 58.37.57.12 1528 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:20:50 125.77.247.185 28863 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:20:55 218.79.52.173 49938 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:20:55 122.4.74.252 1550 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:20:55 58.35.38.166 4296 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:00 58.37.57.12 1544 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:21:05 124.78.252.218 1101 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:21:05 125.120.195.236 3588 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:05 114.226.104.250 4607 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:05 122.224.115.149 41605 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:05 218.82.14.48 4399 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:05 218.79.62.18 1573 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:10 221.223.143.1 36141 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:21:15 116.235.177.155 1144 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:26 116.227.204.143 61732 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:26 41.209.72.214 4089 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:41 123.181.158.114 5896 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:46 222.70.45.196 34171 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:51 116.224.116.90 60399 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:21:51 125.42.176.204 14899 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:22:06 123.88.50.194 4321 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:22:11 114.226.104.250 4603 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:22:11 114.94.243.235 3281 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:22:11 218.79.154.94 4074 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:22:16 121.237.248.58 31418 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:22:16 118.113.161.64 1154 210.24.89.23 80 - - - - - Timer_ConnectionIdle - 2009-11-16 13:22:16 117.42.55.233 1378 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - 2009-11-16 13:22:16 222.71.116.173 1807 210.24.89.23 80 - - - - - Timer_MinBytesPerSecond - C:\WINDOWS\system32\LogFiles\HTTPERR 這些天發(fā)現(xiàn)公司的網(wǎng)站多了很多httperror,開(kāi)始檢查IIS log了,發(fā)現(xiàn) IIS 里面很多Timer_ConnectionIdle和Timer_MinBytesPerSecond的錯(cuò)誤,到網(wǎng)絡(luò)上google了一下,常見(jiàn)說(shuō)法是說(shuō)錯(cuò)誤是因?yàn)镮IS的設(shè)置不當(dāng)引起的,是因?yàn)檫B接超時(shí)時(shí)間設(shè)置太小,解決方法是設(shè)置連接超時(shí)為600秒,把MinFileBytesPerSec的設(shè)置從240修改到0(相當(dāng)于關(guān)掉該設(shè)置)。覺(jué)得這些解決方法都有問(wèn)題,假如車輛防盜警報(bào)經(jīng)常響,正確的解決方法是看看有誰(shuí)常來(lái)打你車子的主意,或者把車子放在更安全的地方,而絕對(duì)不是關(guān)掉警報(bào)。 因?yàn)镠TTP服務(wù)需要占用TCP連接,而TCP連接時(shí)是需要占用系統(tǒng)資源的,而且IIS為每個(gè)連接也需要分配相應(yīng)的資源。目前的主機(jī)能夠處理上萬(wàn)的連接就可以說(shuō)是軟硬件設(shè)計(jì)都很不錯(cuò)了(可以參見(jiàn)C10K )。假如惡意人員通過(guò)一臺(tái)或者多臺(tái)機(jī)器發(fā)起大量的連接,而不請(qǐng)求內(nèi)容(這樣不需要消耗多少攻擊機(jī)器的帶寬),就可以大量消耗服務(wù)器資源而達(dá)到拒絕服務(wù)的目的。 所以 IIS 需要關(guān)閉長(zhǎng)時(shí)間非活動(dòng)的連接,這個(gè)就是Timer_ConnectionIdle 的錯(cuò)誤由來(lái)。 原來(lái)以為攻擊者可以給服務(wù)器故意緩慢的發(fā)送和接收內(nèi)容而消耗服務(wù)器的資源,這樣可以避免服務(wù)器對(duì)于Timer_ConnectionIdle 的保護(hù),相應(yīng)的IIS的防范就是 MinFileBytesPerSec 設(shè)置,MinFileBytesPerSec 屬性通過(guò)以最小的數(shù)據(jù)量保持連接,來(lái)禁止惡意的或軟件工作不正常的客戶端消耗資源。如果吞吐量低于 MinFileBytesPerSec 設(shè)置的值,則終止連接。LOG里面就會(huì)顯示Timer_MinBytesPerSecond錯(cuò)誤(一些Timer_MinBytesPerSecond錯(cuò)誤是因?yàn)?windows 2003 的http.sys錯(cuò)誤引起的,解決方式是打上最新 ServicePack : http://support.microsoft.com/kb/919797 http://support.microsoft.com/kb/919797/en-us ) 所以說(shuō)這些設(shè)置都是用來(lái)保護(hù)IIS服務(wù)器的,可以一定程度上抵御一些惡意的行為消耗服務(wù)器的資源;還有個(gè)問(wèn)題是iislog日志文件不做記錄日志文件特別小一直不清楚什么問(wèn)題? 設(shè)置方法,在開(kāi)始菜單中打開(kāi)CMD,然后按以下步驟操作: Microsoft Windows [版本 5.2.3790] C:\Documents and Settings\Administrator>cd C:\Inetpub\AdminScripts C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/MinFileBytesPerSec MinFileBytesPerSec : (INTEGER) 240 C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/MinFileBytesPerSec 50 MinFileBytesPerSec : (INTEGER) 50 C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/MinFileBytesPerSec MinFileBytesPerSec : (INTEGER) 50 C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/MinFileBytesPerSec 0 MinFileBytesPerSec : (INTEGER) 0 C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/MinFileBytesPerSec MinFileBytesPerSec : (INTEGER) 0 C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/ConnectionTimeout ConnectionTimeout : (INTEGER) 120 C:\Inetpub\AdminScripts>cscript adsutil.vbs set w3svc/ConnectionTimeout 600 ConnectionTimeout : (INTEGER) 600 C:\Inetpub\AdminScripts>cscript adsutil.vbs get w3svc/ConnectionTimeout ConnectionTimeout : (INTEGER) 600 C:\Inetpub\AdminScripts> 該文章在 2011/2/28 10:24:20 編輯過(guò) |
關(guān)鍵字查詢
相關(guān)文章
正在查詢... |