MaxRequestWorkers directive sets the limit on the number of simultaneous requests that will be served by Apache. Any connection attempts over the
MaxRequestWorkers limit will normally be queued (Not dropped). Once a child process is freed at the end of a different request, the queued connections will then be serviced.
ServerLimit directive represents the upper limit of
MaxRequestWorkers. This setting is generally used as a safeguard or ceiling against input errors when modifying
MaxRequestWorkers. It becomes necessary to adjust
ServerLimit when the server is expected to handle more than the default of
150 requests simultaneously.
You can see both of these directives by running this command: (These values represent the default values in a cPanel environment)
grep -Ei "(MaxRequestWorkers|ServerLimit)" /etc/apache2/conf/httpd.conf
It is essential to tune Apache's MaxRequestWorkers setting to mitigate the risk of resource usage problems that could lead to a crash and to ensure that your server can use the resources available to it.
Special care must be taken when using this directive. If
ServerLimit is set to a value much higher than necessary, extra, unused shared memory will be allocated. If both
MaxRequestWorkers are set to values higher than the system can handle, Apache may not start or the system may become unstable.
Please refer to these links for information on how to optimize these directives for your server:
Tuning MaxRequestWorkers As a Way To Prevent DDoS Attacks:
DDoS (Distributed Denial Of Service) tries to deny important services running on the system by sending heavy traffic, so that the server can’t handle it. This is possibly the most common type of attack involving Apache.
There are multiple ways to modify your system to defend against DDoS attacks. One such way is via tweaking Apache's configuration by modifying directives such as
MaxRequestWorkers, etc. to reduce the impact of DDoS attacks.
For example, you can lower the
KeepAliveTimeout parameter on sites that are subject to DDoS attacks. Similarly, tuning
MaxRequestWorkers directive allows the server to handle maximum number of simultaneous connections without running out of resources.
However, possibly the most important step against a DDoS attack is to detect it. You can refer to these links for more information on how to determine if your server is experiencing a DDoS attack: