Website is slow or does not work: connect() to php-fpm.sock failed (11: Resource temporarily unavailable)

Symptoms

• Website exampe.com is slow or not available:

  PLESK_INFO: 502 Bad Gateway

  OR

  PLESK_INFO: 504 Gateway Time-out error

• MaxClients parameter tuning does not help.

• Errors are logged to /var/www/vhosts/system/example.com/logs/proxy_error_log very fastly:

  CONFIG_TEXT: [error] 31843#0: *30563813 connect() to unix:///var/www/vhosts/system/example.com/php-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 203.0.113.2, server: example.com, request: "HEAD // HTTP/1.1", upstream: "fastcgi://unix:///var/www/vhosts/system/example.com/php-fpm.sock:", host: "www.example.com"

• Website nginx error log analysis shows huge amount of HTTP requests from particular addresses:

  # tail -n 10000  /var/www/vhosts/system/example.com/logs/proxy_error_log |cut -f 19 -d ' '|sort|uniq -c|sort -nr|more
    3566 203.0.113.2,
    3158 203.0.113.3,
    2162 203.0.113.4,

Cause

The website is under DDoS attack.

Resolution

As a workaround, login to Plesk server via SSH and block the IP addresses sending huge amount of requests:

# iptables -I INPUT 1 -p tcp -s 203.0.113.2 -j DROP
# iptables -I INPUT 1 -p tcp -s 203.0.113.3 -j DROP
# iptables -I INPUT 1 -p tcp -s 203.0.113.4 -j DROP

As a permanent solution, consider installing Plesk extensions mentioned in the article below:

What DDoS protection tools does Plesk support?