I've gone through this exercise on my own personal hobby nodes long ago. In my case I was just on an under-powered node for the load, but I made sure my rewrite rules were optimized in the virtualserver config vs .htaccess and that I closed all rules with a final L to cease processing rules when matches were found. I also jacked up all the worker/server limits as high as I could go for the memory in the node; this was a VPS node. Sendfile was 'on'. Anything I could do to keep anonymous users off the disk was important, so I used tmpfs anywhere I could.
I also made sure all uses of a temp space were in tmpfs. I also maxed out all the /etc/security/limits.conf (now set in systemd unit files) limits and sysctl file limits to get them out of the way. Spikes of traffic can very briefly hit these limits and then everything just gets stuck and one has to wait for http and socket keep-alive timeouts. Oh right, and I also shortened http and socket keep-alive timeouts. If there are any proxy connections, I used the same IP (even if localhost) many times on different ports to avoid port depletion time-wait assassination.
Probably the most important would be to share your rewrite rules on serverfault.com but one should expect some elitist a-hole responses and maybe one good genuine response. There may still be a few rewrite experts there. That would be the biggest gain.
If safe to do so, using 301 vs 302 can avoid some repeat hits if that is how you are redirecting.
I also kept an eye on ipcs -a to see if the semaphore counts were high or close to limits in sysctl.conf, as Apache uses or used this for sharing between the child processes.
Sometimes the problem can be just beyond Apache and in socket timeouts due to time-wait exhaustion, but that would be obvious in dmesg and netstat -aeenp.
If the rewrite rules depend on DNS resolution then having a local instance of Unbound and increasing the min-ttl can help.
I hate to also suggest this, but explain your load issue to several different AIs and paste your rewrite rules and ask for them to be optimized, but don't get hopes up. They might turn your server into a bowl of petunias. Back everything up.
It's been a long time so I am trying to remember all the things I tried. These days if I have a lot of rewrites I do that in HAProxy or Nginx in maps, but that's a bigger topic.
I might remember more tomorrow.
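An added example, not part of the original comment: a shell sketch of the two headroom checks the comment mentions (semaphore arrays against the kernel limit, TIME_WAIT sockets against the ephemeral port range). It assumes `ipcs -s` and `/proc/net/sockstat` as inputs instead of `ipcs -a` and `netstat`, and an 80% warning threshold; the function names and sample data are constructed. Total TIME_WAIT against the port range is only a coarse signal, since port exhaustion is counted per destination address and port.

```shell
#!/usr/bin/env bash
# Each function reads text on stdin, so it works on live files or on the
# constructed samples below, e.g.:  tw_count < /proc/net/sockstat

# TIME_WAIT socket count from /proc/net/sockstat content ("... tw N ...").
tw_count() {
  awk '$1 == "TCP:" { for (i = 2; i < NF; i++) if ($i == "tw") print $(i + 1) }'
}

# Number of ephemeral ports from /proc/sys/net/ipv4/ip_local_port_range content.
port_range_size() {
  awk '{ print $2 - $1 + 1 }'
}

# Semaphore arrays in use, counted from `ipcs -s` output (data rows start with a 0x key).
sem_arrays_used() {
  awk '$1 ~ /^0x/ { n++ } END { print n + 0 }'
}

# SEMMNI (maximum number of semaphore arrays) is the 4th field of /proc/sys/kernel/sem.
sem_arrays_max() {
  awk '{ print $4 }'
}

# pct USED LIMIT: integer percentage of the limit in use.
pct() { echo $(( $1 * 100 / $2 )); }

# verdict USED LIMIT [THRESHOLD_PCT]: prints "near-limit" or "ok" (threshold assumed 80).
verdict() {
  if [ "$(pct "$1" "$2")" -ge "${3:-80}" ]; then echo "near-limit"; else echo "ok"; fi
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_SOCKSTAT='sockets: used 412
TCP: inuse 37 orphan 2 tw 25410 alloc 51 mem 9
UDP: inuse 4 mem 2'
SAMPLE_PORT_RANGE='32768 60999'
SAMPLE_IPCS='------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 98304      apache     600        1
0x00000000 131073     apache     600        1
0x00000000 163842     apache     600        1'
SAMPLE_SEM='32000 1024000000 500 32000'

tw=$(printf '%s\n' "$SAMPLE_SOCKSTAT" | tw_count)
ports=$(printf '%s\n' "$SAMPLE_PORT_RANGE" | port_range_size)
echo "time-wait: $tw of $ports ports -> $(verdict "$tw" "$ports")"
```
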