How expensive is a hostname in htaccess? Other solutions possible?

Posted on

How expensive is a hostname in htaccess? Other solutions possible? – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, performance, .htaccess, hostname, apache-2.2.

For easy allow or disallowing of dynamic IP-adresses you can add them as a hostname in a .htaccess file.

As I have read from:
.htaccess allow from hostname?

it does a reverse lookup on the
connecting ip address, seeing if the
response matches the allowed name.

(Well, actually Apache is doing a
double lookup, first a reverse lookup
and then a forward lookup on the
result of the reverse.)

This is the reason we are currently not using dynamic-ip hostnames in the .htaccess: this “sounds” quite heavy: 2 extra lookups for every request.

  • Is this indeed quite heavy, and would a reasonably busy server that is rather looking for less then more load get away with this :)? (e.g.: how does this ‘load’ compare to the rest? If a request is 1000 times more expensive then the lookups it might be negligible. otoh, it could be that final straw 🙂 )
  • Are there other solutions? I can write a script that does a lookup of the hostname and put it in .htaccess files ofcourse, but this feels a bit like a hack.

Solution :

Just using .htaccess itself is a performance-killer. When AllowOverrides is on in any fashion in the Apache global config, httpd has to look for a .htaccess file at every directory level of the URI on every request, in case there is something there it needs to read. This amounts to a lot of extra lstat() calls that add latency and increase the amount of work the server has to do. Maybe you’re stuck with .htaccess because of a shared hosting setup, but then you can’t really get “high performance” anyway… 😉

Setting aside that DNS isn’t the greatest indicator, what is your goal in disallowing “dynamic” IP addresses? This would be something better suited to an application firewall– something sitting in front of your Apache server(s) doing the IP inspection, possibly by checking a blacklist, possibly using a local DNS resolver.

Problem with hostnames is that server process hangs up while doing DNS lookup so the slower it is, the more it affects server.
If you see no problems with more apache childs in memory it would not be a big deal (in extreme but not likely cases of very slow lookups you may even run out of MaxClients number), but if you are limited consider using script to update IPs in .htaccess it or something like that.

Leave a Reply

Your email address will not be published.