Need help?

Our experts have had an average response time of 13.14 minutes in February 2024 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Apache high CPU usage – how to protect your server from overload?

by | Mar 4, 2017

In our role as Server Support Engineers for web hosting companies, server health monitoring and maintenance is a routine activity we perform in our customers’ servers.

A common issue we notice during server monitoring is the server load intermittently going high, usually caused by Apache high CPU usage. As Apache is a commonly used web server, we give it top priority in our support services.

By running the top command, we can see that Apache takes up about 100% CPU, in this snippet:

%CPU PID USER COMMAND
100 28480 www-data /usr/sbin/apache2 -k start

A server that has its CPU maxed out, can crash and cause a downtime. So, identifying the reason for Apache high CPU usage and resolving it promptly is a task we perform, as soon as we notice such server issues.

Today, we’ll see how we debug and prevent high CPU usage due to Apache service.

 

What causes Apache high CPU usage?

In our server management services, we’ve noted various scenarios that can cause Apache to use up the server CPU, some of them being:

  1. A poorly coded web application
  2. 3rd party plugins in applications
  3. Certain Apache modules
  4. Too many users or connections
  5. A single user abusing the server
  6. Vulnerabilities or exploits in web applications
  7. Outdated or insecure Apache version
  8. Malware or malicious scripts in websites or server

To dig in to the actual root cause, we follow an efficient and fool-proof debugging strategy.

[ You don’t have to lose your sleep to keep your web server fast and stable. Click here to know how our Support Engineers can help you deliver reliable services]

 

How we debug Apache high CPU usage?

In every load debugging scenario, we follow a systematic 3-step approach to fix the issue.

  1. Find the over-loaded resource – Resource could be CPU, memory, I/O, etc. We examine the ‘top’ results for sometime to pinpoint the problematic resource and service, or else it can lead to wrong debugging.
  2. Find the service hogging that resource – Web, mail, database or any other service in the server can abuse the resource. We map the resource usage with the listed command, to identify the service.
  3. Find the user abusing that service – In a shared server, there may be multiple accounts. So, detecting and suspending the abusive user is very important to assure server stability.

For troubleshooting a physical server or a hardware virtualized instance, ‘atop’ is the tool we use. In an OS virtualization environment, we usually use the regular ‘top’ command. For VPS node troubleshooting, we go for ‘vztop’ utility.

From the results of these utilities, we detect the service that is taking up the CPU resource. Once the service is pinpointed, we find out the process and the user that is hogging up the resources.

To list the files and actions being done by each process, we use ‘lsof‘ command. Using ‘pstree’, we look for any suspicious or high number of processes.

We use ‘netstat‘ and other network related commands to check for too many connections from one particular IP or an IP range. To track the details of certain suspicious commands, we use ‘strace‘ utility.

Enabling extended logging in servers helps us to examine the user specific logs such as access log and error log and to find out the details of high CPU usage for Apache.

How to fix Apache high CPU usage?

Once we identify the abusive user, process or the IP address, we take immediate corrective action to prevent further resource abuse in the server.

In our Dedicated server maintenance services, Bobcares helps server owners deliver high uptime and performance for their websites, with these actions:

  1. Blocking the suspicious IP address in firewall
  2. Disabling the problematic plugin or module
  3. Suspending the user account that is abusing
  4. Patching and updating vulnerable software
  5. Tweaking Apache and PHP configuration
  6. Scanning and removing infected files
  7. Limiting the number of connections per user
  8. Hardening Apache and related services

[ You don’t have to be a server expert to keep your site fast and stable. Our Support Engineers will keep your server blazing fast through 24/7 monitoring & maintenance]

 

How to prevent Apache from hogging the CPU?

A fast CPU and adequate memory (RAM) are the basic necessities for a high-speed Apache web server. So, whenever we configure and setup a server, the first thing we do is to ensure that the server resources are adequate for the traffic and websites hosted in them.

But simply adding resources, without utilizing them efficiently, can lead to wastage and loss. That’s where Apache performance tuning comes into picture.

With the optimal hardware resources, we’ve been able to limit CPU usage of Apache by about 50%, by tweaking its configuration settings. Here we’ll shed some light into how we do that performance tuning.

  • By loading only the required Apache modules during compile time, we limit the resources required for Apache to start
  • By running the web server processes in the respective usernames, we are able to easily track and isolate abusers.
  • We disable unnecessary modules and maintain the minimal required installation of Apache to reduce resource usage.
  • Configuring web application firewalls and limiting the access helps us to ward off attackers.
  • Enabling firewalls and DDoS protection is a crucial measure we do to block abusive IPs before they crash the webserver.
  • Setting up resource limits for each user helps us to keep a limit on the resource usage spikes.
  • Using malware scanning, we track and disable any malicious scripts that can hog the CPU.
  • Monitoring the web server for security issues and resource usage round the clock, helps us to promptly identify the issues.
  • We custom-compile Apache MPMs to handle the traffic and resources in each server optimally.
  • Tweaking MySQL and PHP settings helps to avoid the bottle-necks they incur on the web server.

In addition to these proactive tips, we also configure Apache with certain run-time parameters, that enables us to further reduce the CPU usage incurred by the web server. These include:

  1. Disabling DNS lookups
  2. Setting Off AllowOverride
  3. Enabling FollowSymLinks
  4. Limiting MaxClients
  5. Configuring MaxSpareServers and MinSpareServers
  6. Rate limiting MaxRequestsPerChild
  7. Setting KeepAlive On
  8. Configuring TimeOut values

[ Use your time to build your business. Leave your servers in our expert hands. Support Engineers plans start as low as $12.99/hr. ]

 

Conclusion

Configuring Apache for minimal CPU usage is tricky, as there are no hard and fast rules or ‘one-size fits all’ tips. Each web server is different and understanding these requirements is vital before experimenting with the settings.

Our 24/7 expert technicians keep an eye on the resource usage, process performance, network connections, etc., in the servers and curb the spikes instantly to avoid server crashes.

At Bobcares, we also design and implement custom webserver architecture using NginX, Apache, etc. to ensure high available and high speed infrastructure for our customers.

If you’d like to know how to manage your webservers efficiently for your business purposes, we’d be happy to talk to you.

 

 

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF