httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Richards <p.richa...@elsevier.co.uk>
Subject Re: Problems w/ deny
Date Tue, 07 Jan 1997 10:25:47 GMT
Alexei Kosut <akosut@nueva.pvt.k12.ca.us> writes:

> On Tue, 7 Jan 1997, Rob Hartill wrote:
> 
> > I think there should be a very small timeout of reading the request +
> > HTTP headers. I don't see why a server should wait more than a few (~5)
> > seconds for the basic request info. 
> 
> I do: in development, often it is necessary to telnet to the server
> and type in a request (sometimes a rather complex one) manually. This
> can upwards of 30 seconds. However, I agree 20 minutes is ridiculous.

Summarising a few elements of this thread.

The server should wait a fair while since network lag can cause
problems otherwise. 20 minutes sounds like a blunder though and can be
considered a genuine bug that should be fixed for 1.2.

Apache shouldn't concern itself with network attacks. Apache is a web
server not a firewall tool, make it a good web server and rely on
other people to supply good firewalls. If you're getting attacked by a
site then Apache is not the place to try and deal with it.

A feature that allowed you to control the number of simultaneous
connections from a site is a very good one though for a very different
reason, i.e. licensing. I currently control the number of simultaneous
users from a site using cgi scripts, making this possible via the
access control mechanism of the server would be very useful.

-- 
  Paul Richards. Originative Solutions Ltd.  (Netcraft Ltd. contractor)
  Elsevier Science TIS online journal project.
  Email: p.richards@elsevier.co.uk
  Phone: 0370 462071 (Mobile), +44 (0)1865 843155

Mime
View raw message