PDA

View Full Version : slow download through webserver problem

snewp
22nd April 2008, 16:56
i have a webserver installed. when i try to download a file from the server it will just give me 2kbps download rate which is way below my normal download rate. tried to download on my test box (same location with the webserver) it gives me my normal download rate. and let my friend try, still same download rate at 2kbps. i did try to change the network cable, no go. i did try to switch to other router port, still no go. btw, even in sftp it still gives me 2kbps. after a while of waiting it says it's completed but when i try to unzip the file it says corrupted and file size is 0. did try ping and it's good, no loses. are there any other ways of troubleshooting this problem?
falko
23rd April 2008, 14:47
Are there any errors in your log files?
snewp
24th April 2008, 05:52
hi,

i can't see any errors in the log files. it's really unusual coz my test and webserver box have the same configuration. i even reinstalled my webserver box but still got the same issue.
falko
25th April 2008, 17:09
Do you have mod_throttle or mod_cband installed?
snewp
27th April 2008, 16:58
nope. i didn't install either of the two.
falko
28th April 2008, 22:48
Which distribution are you using?
snewp
30th April 2008, 21:38
i'm currently using debian etch.
falko
1st May 2008, 21:50
What's the output of ls -la /etc/apache2/mods-enabled? What's in /etc/apache2/httpd.conf?
snewp
2nd May 2008, 08:04
What's the output of ls -la /etc/apache2/mods-enabled? What's in /etc/apache2/httpd.conf?

mods-enabled:
drwxr-xr-x 2 root root 4096 2008-04-21 18:54 .
drwxr-xr-x 7 root root 4096 2008-04-20 19:15 ..
lrwxrwxrwx 1 root root 40 2008-04-21 18:54 actions.load -> /etc/apache2/mods-available/actions.load
lrwxrwxrwx 1 root root 28 2008-04-20 19:15 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 2008-04-20 19:15 auth_basic.load -> ../mods-available/auth_basic.load
lrwxrwxrwx 1 root root 33 2008-04-20 19:15 authn_file.load -> ../mods-available/authn_file.load
lrwxrwxrwx 1 root root 36 2008-04-20 19:15 authz_default.load -> ../mods-available/authz_default.load
lrwxrwxrwx 1 root root 38 2008-04-20 19:15 authz_groupfile.load -> ../mods-available/authz_groupfile.load
lrwxrwxrwx 1 root root 33 2008-04-20 19:15 authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx 1 root root 33 2008-04-20 19:15 authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx 1 root root 32 2008-04-20 19:15 autoindex.load -> ../mods-available/autoindex.load
lrwxrwxrwx 1 root root 26 2008-04-20 19:15 cgi.load -> ../mods-available/cgi.load
lrwxrwxrwx 1 root root 26 2008-04-20 19:15 dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx 1 root root 26 2008-04-20 19:15 dir.load -> ../mods-available/dir.load
lrwxrwxrwx 1 root root 26 2008-04-20 19:15 env.load -> ../mods-available/env.load
lrwxrwxrwx 1 root root 30 2008-04-20 19:19 include.load -> ../mods-available/include.load
lrwxrwxrwx 1 root root 27 2008-04-20 19:15 mime.load -> ../mods-available/mime.load
lrwxrwxrwx 1 root root 36 2008-04-21 05:54 mod-security2.load -> ../mods-available/mod-security2.load
lrwxrwxrwx 1 root root 34 2008-04-20 19:15 negotiation.load -> ../mods-available/negotiation.load
lrwxrwxrwx 1 root root 27 2008-04-20 19:18 php5.conf -> ../mods-available/php5.conf
lrwxrwxrwx 1 root root 27 2008-04-20 19:18 php5.load -> ../mods-available/php5.load
lrwxrwxrwx 1 root root 30 2008-04-20 19:19 rewrite.load -> ../mods-available/rewrite.load
lrwxrwxrwx 1 root root 31 2008-04-20 19:15 setenvif.load -> ../mods-available/setenvif.load
lrwxrwxrwx 1 root root 26 2008-04-20 19:19 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 2008-04-20 19:19 ssl.load -> ../mods-available/ssl.load
lrwxrwxrwx 1 root root 29 2008-04-20 19:15 status.load -> ../mods-available/status.load
lrwxrwxrwx 1 root root 29 2008-04-20 19:19 suexec.load -> ../mods-available/suexec.load
lrwxrwxrwx 1 root root 32 2008-04-21 05:54 unique_id.load -> ../mods-available/unique_id.load

there nothing on httpd.conf
falko
3rd May 2008, 21:27
I see you're using mod_security. Can you disable mod_security and try a downoad? If it's faster then we know it has to do with mod_security.
snewp
4th May 2008, 18:31
disabled mod_security but still no go.
falko
5th May 2008, 19:31
Are you using a firewall? What's the output of iptables -L?
snewp
5th May 2008, 20:55
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state RELATED udp dpts:1024:65535
ACCEPT icmp -- anywhere anywhere state RELATED
HOST_BLOCK 0 -- anywhere anywhere
SPOOF_CHK 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp dpt:www state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpt:auth state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpt:4545 state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpt:https state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
LOG tcp -- anywhere anywhere tcp dpts:12000:24444 state NEW limit: avg 3/min burst 15 LOG level info prefix `TCP INPUT log: '
VALID_CHK 0 -- anywhere anywhere
EXT_INPUT_CHAIN !icmp -- anywhere anywhere state NEW
EXT_INPUT_CHAIN icmp -- anywhere anywhere state NEW limit: avg 20/sec burst 100
EXT_ICMP_CHAIN icmp -- anywhere anywhere state NEW
LOG 0 -- anywhere anywhere limit: avg 1/sec burst 5 LOG level info prefix `Dropped INPUT packet: '
DROP 0 -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED tcp dpts:1024:65535
ACCEPT udp -- anywhere anywhere state RELATED udp dpts:1024:65535
ACCEPT icmp -- anywhere anywhere state RELATED
HOST_BLOCK 0 -- anywhere anywhere
SPOOF_CHK 0 -- anywhere anywhere
VALID_CHK 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 1/min burst 3 LOG level info prefix `Dropped FORWARD packet: '
DROP 0 -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT 0 -- anywhere anywhere state ESTABLISHED
LOG 0 -f anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FRAGMENTED PACKET (OUT): '
DROP 0 -f anywhere anywhere
EXT_OUTPUT_CHAIN 0 -- anywhere anywhere

Chain EXT_ICMP_CHAIN (1 references)
target prot opt source destination
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 12/hour burst 1 LOG level info prefix `ICMP-request(ping) flood: '
LOG icmp -- anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable flood: '
LOG icmp -- anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench flood: '
LOG icmp -- anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded flood: '
LOG icmp -- anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem flood: '
DROP icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere icmp source-quench
DROP icmp -- anywhere anywhere icmp time-exceeded
DROP icmp -- anywhere anywhere icmp parameter-problem
LOG icmp -- anywhere anywhere limit: avg 12/hour burst 1 LOG level info prefix `ICMP(other) flood: '
DROP icmp -- anywhere anywhere

Chain EXT_INPUT_CHAIN (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `TCP port 0 OS fingerprint: '
LOG udp -- anywhere anywhere udp dpt:0 limit: avg 6/hour burst 1 LOG level info prefix `UDP port 0 OS fingerprint: '
DROP tcp -- anywhere anywhere tcp dpt:0
DROP udp -- anywhere anywhere udp dpt:0
LOG tcp -- anywhere anywhere tcp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `TCP source port 0: '
LOG udp -- anywhere anywhere udp spt:0 limit: avg 6/hour burst 5 LOG level info prefix `UDP source port 0: '
DROP tcp -- anywhere anywhere tcp spt:0
DROP udp -- anywhere anywhere udp spt:0
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:4545
ACCEPT tcp -- anywhere anywhere tcp dpts:12000:24444
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 3/min burst 1 LOG level info prefix `ICMP-request: '
LOG icmp -- anywhere anywhere icmp destination-unreachable limit: avg 12/hour burst 1 LOG level info prefix `ICMP-unreachable: '
LOG icmp -- anywhere anywhere icmp source-quench limit: avg 12/hour burst 1 LOG level info prefix `ICMP-source-quench: '
LOG icmp -- anywhere anywhere icmp time-exceeded limit: avg 12/hour burst 1 LOG level info prefix `ICMP-time-exceeded: '
LOG icmp -- anywhere anywhere icmp parameter-problem limit: avg 12/hour burst 1 LOG level info prefix `ICMP-param.-problem: '
LOG tcp -- anywhere anywhere tcp dpts:1024:65535 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (UNPRIV)?: '
LOG tcp -- anywhere anywhere tcp dpts:0:1023 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth scan (PRIV)?: '
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
LOG udp -- anywhere anywhere udp dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (PRIV): '
LOG tcp -- anywhere anywhere tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
LOG udp -- anywhere anywhere udp dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix `Connection attempt (UNPRIV): '
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP icmp -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 1/min burst 5 LOG level info prefix `Other-IP connection attempt: '
DROP 0 -- anywhere anywhere

Chain EXT_OUTPUT_CHAIN (1 references)
target prot opt source destination

Chain HOST_BLOCK (2 references)
target prot opt source destination

Chain MAC_FILTER (0 references)
target prot opt source destination

Chain RESERVED_NET_CHK (0 references)
target prot opt source destination
LOG 0 -- 10.0.0.0/8 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class A address: '
LOG 0 -- 172.16.0.0/12 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class B address: '
LOG 0 -- 192.168.0.0/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class C address: '
LOG 0 -- link-local/16 anywhere limit: avg 1/min burst 1 LOG level info prefix `Class M$ address: '
DROP 0 -- 10.0.0.0/8 anywhere
DROP 0 -- 172.16.0.0/12 anywhere
DROP 0 -- 192.168.0.0/16 anywhere
DROP 0 -- link-local/16 anywhere

Chain SPOOF_CHK (2 references)
target prot opt source destination
RETURN 0 -- anywhere anywhere

Chain VALID_CHK (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-PSH scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min burst 5 LOG level info prefix `Stealth XMAS-ALL scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level info prefix `Stealth FIN scan: '
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/RST scan: '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix `Stealth SYN/FIN scan(?): '
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level info prefix `Stealth Null scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp option=64 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(64): '
LOG tcp -- anywhere anywhere tcp option=128 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP flag(128): '
DROP tcp -- anywhere anywhere tcp option=64
DROP tcp -- anywhere anywhere tcp option=128
DROP 0 -- anywhere anywhere state INVALID
LOG 0 -f anywhere anywhere limit: avg 3/min burst 1 LOG level warning prefix `Fragmented packet: '
DROP 0 -f anywhere anywhere

Chain allow-www-traffic-in (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere limit: avg 1/sec burst 5 tcp dpt:www flags:FIN,SYN,RST,PSH,ACK,URG/FIN
ACCEPT tcp -- anywhere anywhere limit: avg 1/sec burst 5 tcp dpt:www flags:FIN,SYN,RST,PSH,ACK,URG/SYN
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp dpt:webcache
falko
6th May 2008, 16:59
Ok, does the download speed change when you disable the firewall?
snewp
9th May 2008, 06:25
it didnt change. when it was a fresh install with no firewall, no security the speed is still the same (slow). so i think it's gotta be with my onboard NiC.

I just finished the reinstall and use another NIC, the speed is ok now.

thanks for your help falko. i appreciate it.