Recently i have briefed few possibilities to increase MySQL response time and overall performance, so let’s talk how we can tweak configuration file of MySQL to bridge the gap between blazingly fast CPUs and comparatively slow disks, certainly “the memory”. By adjusting how much memory MySQL uses, you can often realize significant performance improvements, but before that we need to understand how MySQL uses memory. As MySQL is extensively tested for any memory leakage, we can focus our concern to any miss configuration and hence miss utilization of memory. MySQL provides different default configuration file that you can configure further, according to your server hardware and traffic. (more…)
September 16, 2007
September 11, 2007
Optimizing MySQL performance
Performance of any web application depends on several aspects, some times web server alone can cause a lot of performance diminution if not configured properly but the major concern for any web application performance degradation are the database. Lots of applications are constantly being developed and deployed using the LAMP (Linux, Apache, MySQL, PHP) architecture. Certainly the server administrator has little control over the application itself because it’s written by someone else but they still play a major role for any web application performance. Today i’m going to discuss another major performance issue, MySQL memory bottleneck.
Let’s start with estimating your web site response time, using curl
curl -o /dev/null -s -w %{time_connect}:%{time_starttransfer}:%{time_total} http://www.google.com/ (more…)
September 6, 2007
Advance Apache Security – mod_proxy,mod_security and mod_evasive
Earlier to this post we have talked ’bout apache server installation for best performance and securing the server using tcp wrappers and iptables filrewall, let’s take the whole discussion one step further and talk ’bout application security hosted on your web server.
As more and more attacks are being carried out over the HTTP layer there is a growing need to push the envelope and bring Web security to new levels. Most existing tools work on the TCP/IP level, failing to use the specifics of the HTTP protocol in their operation. The need for increased security has lead to the creation of application gateways, tools that are essentially reverse proxies with the added capability of protocol analysis. Apache web server it self provides solution of the problem to a great extent, provided it’s loaded with some specific modules. (more…)
September 3, 2007
Configure Linux Box as Internet Gateway
My last few post were ’bout Linux firewall and Network address translation using iptables. For me iptables is a very dynamic tool to configure things with Linux box, like free Linux firewall, transparent proxy and Linux router to share internet connection. So this post is ’bout configuring Linux box as a secure and safe internet gateway using iptables and squid.
You don’t need a hi-fi machine for the task, any low end machine could do good enough with two Network Interface Card installed on it. I’m always comfortable with fedora core so i used it again however any destro could do but then the steps here might need same changes, anyways i’ve used fedora core 6 i.e. latest kernel with iptables support. Once installed you are ready to configure Linux router on the system. (more…)
September 2, 2007
Linux Firewall – iptables and NAT
Earlier to this we have talked ’bout iptables filtering, a simple firewall and filtering rules to secure your Linux box. To understand IPtables a little more then just blocking and filtering, we are going to talk ’bout Network Address Translation.
NAT, Network Address translation basically is of two types SNAT and DNAT.
SNAT, Source NAT is when you alter the source address of the first packet: i.e. you are changing where the connection is coming from. Source NAT is always done post-routing, just before the packet goes out onto the wire. Masquerading is a specialized form of SNAT.
DNAT, Destination NAT is when you alter the destination address of the first packet: i.e. you are changing where the connection is going to. Destination NAT is always done before routing, when the packet first comes off the wire. Port forwarding, load sharing, and transparent proxying are all forms of DNAT. (more…)
