httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <>
Subject Re: mod_auth-any/1672: Authentication / .htaccess DoS attack (fwd)
Date Thu, 15 Jan 1998 06:52:05 GMT
On Wed, 14 Jan 1998, Marc Slemko wrote:

> > We'll never be able to protect against DoS attacks, esp if a
> > nasty user wants to fool around... After all, they could upload
> > a HUGE graphic, then log in with a 9600baud modem, load the image,
> > and as that comes through, create a new browser-window, load it
> > again, etc.. until MaxClients.
But there is already a lot of time-out type of protection in the various
not so blocking read/writes. That is different from the /dev/zero type of 
go-away problems; which might mean an overall resource/time/cycles limit.

Though I would personally put a note in the doc's to set your limits to
a sensible value. I just tried that on BSD, and it hapily terminated the
child at a sensible moment.


View raw message