httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: fork free
Date Sun, 23 Apr 1995 03:44:25 GMT
On Sat, 22 Apr 1995, Rob Hartill wrote:
> The latest fork-free patch is in /patches/for_Apache_0.6.2/
> 
> Things we need to fix...
> 
> There's a potential problem in the current setup, which I think
> the NCSA approach will suffer from too, it should be possible for
> a trouble maker to open N connections, and grab the attention of
> all N child processes. He can then hold these N connections open
> for TIMEOUT seconds, and thus block all other connections to the
> server.

At the very least, if all children are busy, there should be at least one 
more process listening on the port that sends a 503 response.  

My first thought was to try and devise some algorithm that checked for 
attacks like this by seeing if the requests were coming from the same 
host or something, but that could be defeated without too much trouble.

Ugh, Simon's probably right in that every algorithm we could devise could 
be defeated by someone who also knew the algorithm.  It seems this is 
much more a TCP/IP issue than something we could control - maybe a 
command the equivalent of "ftpwho" for FTP sites could be implemented.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/


Mime
View raw message