httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51103] mod_reqtimeout does not drop connection and return 408
Date Fri, 22 Apr 2011 12:02:19 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51103

--- Comment #1 from Stefan Fritsch <sf@sfritsch.de> 2011-04-22 08:02:17 EDT ---
(In reply to comment #0)
> Steps to reproduce (A)
> ----------------------
> 1. Launch a slow-post attack using the OWASP HTTP DoS tool
> (http://code.google.com/p/owasp-dos-http-post/downloads/list)
> http_dos_cli --host 1.2.3.4 --port 80 --path /server-status --slow-post
> --post-field j_username --connections 1000 --rate 1000 --timeout 5
> 2. Sniff network traffic using Wireshark, observe requests being truncated and
> handled, resulting in a 200 return code.

I couldn't reproduce this (but I don't have windows to actually try the tool).
Can you provide the wireshark dump (maybe filtered to only contain one
request)? Do you have mod_status listening for /server-status?


> Steps to reproduce (B)
> ----------------------
> 1. Launch a slow-headers attack
> 2. Sniff network trafic using Wireshark, observe requests being dropped with a
> 400 code being returned.

This happens in various situations and is fixed in trunk. The fixes should
probably be backported to 2.2.x. The relevant commits are r820760 r919323
r937858 r938265

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message