For a while I have been chasing down an issue with Apache server with 408 errors. It seems that some worms will open many connections per IP (20 perhaps?) that apache is hosting. A single worm would consume all daemons and for some reason the daemons don't die. This lead to a total DOS of my server.
After much playing around with timeout values and number of clients to be supported, I found that nothing seems to work except disabling keepalives.
Today, one rogue worm attempted 351 connections in the space of about 1 minute and my server dealt with it just fine. Every single connection ended in a 408 error.
I have looked around the net for others that have been facing this issue and it seems that those who are hosting many ip/domains are being hit the hardest and so there hasn't been much feedback on this issue.
I am curious if anyone else is facing this issue?
Also, I think that there may be a bug in Apache in that keepalive timeouts don't seem work in conjunction with a 408 error? Perhaps time never starts for a connection that never completes?