FreeBSD: Apache httpready filter – Failed to enable the 'httpready' Accept Filter

by on September 19, 2008 · 11 comments· LAST UPDATED January 17, 2009

in , ,

Q. I've installed Apache 2.2 from FreeBSD 7.0 ports and when I try to start I get following warning on screen:

Performing sanity check on apache22 configuration:
Syntax OK
Starting apache22.
[Wed Sep 17 22:01:58 2008] [warn] (2)No such file or directory: Failed to enable the 'httpready' Accept Filter

How do I fix this error?

A. FreeBSD has special driver called accf_http. It will buffer incoming connections until a certain complete HTTP requests arrive to speed up and optimize performance.

The utility of accf_http is such that a server will not have to context switch several times before performing the initial parsing of the request. This effectively reduces the amount of required CPU utilization to handle incoming requests by keeping active processes in preforking servers such as Apache low and reducing the size of the file descriptor set that needs to be managed by interfaces such as select(), poll() or kevent() based servers.

Just open shell prompt and type the following command to load accf_http under FreeBSD :
# kldload accf_http
Restart apache:
# /usr/local/etc/rc.d/apache22 restart

Update /boot/loader.conf file

Type the following command so that driver get loaded at the time of booting system:
# echo 'accf_http_load="YES"' >> /boot/loader.conf

A note about FreeBSD jails (vps)

Under jail you cannot load this module. It needs to be loaded from host using above command.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 11 comments… read them below or add one }

1 Florin Grosu June 25, 2009 at 2:19 pm

Is there any other linux distro with this option? Or a “accf_http like” way for red hat, or ubuntu? I’m asking this question, having in mind the slowloris attack.

Reply

2 nixCraft June 25, 2009 at 3:42 pm

Noop, there is not such thing for Linux. Set your apache timeout to 30, use iptables to limit connection per IP, there is also unoffical patch that changes Timeout on fly.

Reply

3 motivez January 31, 2010 at 9:46 pm

I have done the above, but whenever I get a graceful restart request during log rollovers, I am still getting the error.. additionally, my Apache is segfaulting after every graceful restart.

Any suggestions?

Reply

4 hexabit May 7, 2010 at 7:13 am

In fact this solution does not help in my case (FreeBsd 7.2 amd64) so I recompiled the kernel with both modules (accf_http and accf_data) filters hoping it will help… unfortunately this didn’t help either – but strangely apache seems to work without problems… but message “[warn] (2)No such file or directory: Failed to enable the ‘httpready’ Accept Filter” is still present in the logs…

Reply

5 pascal May 21, 2010 at 6:53 pm

this works for me (FreeBSD 8.0 i386 and Apache 2.2.15). Thanks

Reply

6 Ben October 21, 2010 at 8:45 am

It doesn’t work, and I got kidload: Command not found
(FreeBSD 8.1 amd64 and Apache 2.2.15_9 )

Reply

7 nixCraft October 21, 2010 at 8:52 am

It is

kldload

and not the

kidload

You got a typo in your command.

Reply

8 Ben October 21, 2010 at 4:47 pm

Thanks a lot … sorry for my typo error. Now I got the message “kldload: can’t load accf_http: File exists”, I think the system has loaded the module already.

but the httpd still not running… haha…and I cannot figure out why….

I have tried portsnap fetch extract to update /usr/ports to the most update…and install apache22.17 , but it still doesn’t function….

Because I am in a vbox machine to test FreeBSD ? There is no full-qualified hostname….but why ? I’ve studies the handbook again and again….haha…don’t know why, I just cannot start apache22

Reply

9 nixCraft October 21, 2010 at 5:21 pm

Check your Apache error log and access log files.

Reply

10 Ben October 21, 2010 at 6:19 pm

I come back to say “Thank you”. When I was very frustrated … I took a shower…and come back to my PC to fight again…I get it WORKS!!

This is another typo error, while I checked the error log, it said hostname nor servname provided, or not known: ….HAHA… and the hostname in the error log is not the one I put in /etc/hosts file ( just a private dummy hostname)

It took me so long to get it works… thank you again!! ( Today is my first day to try FreeBSD, wonderful experience!! especially, I send command : portmaster -a, it took so long to upgrade all ports. )

Reply

11 ben November 17, 2010 at 2:27 am

It’s a little bit of confused after study FreeBSD installation of Apache. Can you help me to figure out what should I do?

After install the port of apache22, I noticed the auto-generated file /usr/local/etc/apache22/Includes/no-accf.conf including the following directive:

AcceptFilter http none
AcceptFilter https none

and I also find the description in Apache official site, http://httpd.apache.org/docs/2.2/mod/core.html:
The default values on FreeBSD are:
AcceptFilter http httpready
AcceptFilter https dataready

There is no warning or error in http_error_log after I follow your instruction to load accf_http driver, but I am wondering if I should delete no-accf.conf file, and add the above directives for apache 2.2.17 , since I’ve already load the driver into FreeBSD? Or do nothing? ( I’ve tried both, but doesn’t find any difference)

Also, I’ve noticed a lot of simultaneous message logs like following generated by a very close & legal visit to the server. Is it related to the accept filter driver?

kernel: TCP: [visitor’s ip]:37229 to [server’s ip]:80 tcpflags 0x4; syncache_chkrst: Spurious RST without matching syncache entry (possibly syncookie only), segment ignored

or a lot of three way shaking failed messages( if from very far location to visit the server) , e.g.
_syncache_add: Received duplicate SYN, resetting timer and retransmitting SYN|ACK
syncache_timer: Response timeout, retransmitting (1) SYN|ACK
syncache_timer: Response timeout, retransmitting (1) SYN|ACK

ps. I set ipfw limit 50 simultaneous connections for the same IP to visit the site to prevent DoS attack.

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: