# (Apache) Best AcceptMutex method for FreeBSD?



## frijsdijk (Oct 24, 2012)

Hi,

Short, simple question.. what would be the best AcceptMutex method for Apache (2.2) in FreeBSD, specifically when running large volume sites?


----------



## frijsdijk (Oct 24, 2012)

AFAIK there are 4 valid options:

*AcceptMutex flock*
    This method uses the flock(2) system call to lock a lock file (located by the LockFile directive).

*AcceptMutex fcntl*
    This method uses the fcntl(2) system call to lock a lock file (located by the LockFile directive).

*AcceptMutex pthread*
    (1.3 or later) This method uses POSIX mutexes and should work on any architecture implementing the full POSIX threads specification, however appears to only work on Solaris (2.5 or later), and even then only in certain configurations. If you experiment with this you should watch out for your server hanging and not responding. Static content only servers may work just fine.

*AcceptMutex posixsem*
    (2.0 or later) This method uses POSIX semaphores. The semaphore ownership is not recovered if a thread in the process holding the mutex segfaults, resulting in a hang of the web server.

.. the first two seem the most safe. The last two would seem the fastes, but there are riscs. Anyone with a educated opinion?


----------



## Anonymous (Oct 25, 2012)

frijsdijk said:
			
		

> .. the first two seem the most safe. The last two would seem the fastes, but there are riscs. Anyone with a educated opinion?



I also looked into this, and I am interested in an authorized opinion too. For the time being I help myself with best educated guesses:

Posix semaphores should be the fastest option, however, I guess that this is more important for the worker and event mpm, which heavily use posix threads for request processing.

I would not exactly call it safe, if the server continues as if nothing happened when a child thread/process crashes. This is an indication that something severely bad occured in processing a request - perhaps forced by a forged attacking request, e.g. a CGI ran wild when processing POST data. So, perhaps it would be more safe (secure), if the server would lock down itself, and force the admin to investigate the issue.

On the other hand, since these kind of issues usually happen at 2:30 to 3:30 am, the default AcceptMutex flock saves the admin from a heard attack, and for this reason is more safe even if it would be less secure.


----------

