httpd-dev mailing list archives

From Alexei Kosut <ako...@leland.Stanford.EDU>
Subject Re: Fwd: YA Apache DoS attack
Date Fri, 07 Aug 1998 23:03:04 GMT

On Fri, 7 Aug 1998, Brian Behlendorf wrote:

> >There seems to be a simple way of badly DoSing any Apache server. It
> >involved a massive memory leak in the way it handles incoming request
> >headers. I based my exploit on the assumption that they use setenv()
> >(which they don't) and that the bug occurs when you send a header that
> >will end up as an environment variable if you request a CGI script
> >(such as User-Agent), but I have since verified that there is no
> >connection there. Anyway, you can blow Apache through the roof by
> >sending it tons of headers - the server's memory consumption seems to
> >be a steep polynomial of the amount of data you send it. Below is a
> >snapshot of top(1) about one minute after I sent my server a request
> >with 10,000 copies of "User-Agent: sioux\r\n" (totalling 190,016 bytes
> >of data)

See my previous email for a description of why this happens, but one more
note: This only occurs when the headers are the same, so the table entries
are merged. Sending 10,000 headers with distinct key names should not cause
this problem.

-- Alexei Kosut
   Stanford University, Class of 2001 * Apache *
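
An added example, not part of the original message and not Apache's code: a small C model of the contrast drawn above between identical and distinct header names. It assumes that merging a repeated header allocates a fresh concatenated value from a per-request pool that releases nothing until the request ends; the names `pool_cat`, `table_merge` and `pool_bytes` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_ENTRIES 4096
struct entry { char *key, *val; };
struct table { struct entry e[MAX_ENTRIES]; int n; size_t pool_used; };

/* Build a+sep+b and charge it to the pool; charges are never credited back. */
static char *pool_cat(struct table *t, const char *a, const char *sep, const char *b) {
    size_t len = strlen(a) + strlen(sep) + strlen(b) + 1;
    char *p = malloc(len);
    if (!p) abort();
    snprintf(p, len, "%s%s%s", a, sep, b);
    t->pool_used += len;
    return p;
}

/* Merge semantics (assumed): a repeated key appends ", value" into a fresh allocation. */
static int table_merge(struct table *t, const char *key, const char *val) {
    for (int i = 0; i < t->n; i++) {
        if (strcasecmp(t->e[i].key, key) != 0) continue;
        char *joined = pool_cat(t, t->e[i].val, ", ", val);
        free(t->e[i].val);   /* demo only: a pool keeps the old copy until teardown */
        t->e[i].val = joined;
        return 0;
    }
    if (t->n == MAX_ENTRIES) return -1;   /* model's own table limit */
    t->e[t->n].key = pool_cat(t, key, "", "");
    t->e[t->n].val = pool_cat(t, val, "", "");
    t->n++;
    return 0;
}

/* Bytes charged to the pool for nheaders "sioux" headers (constructed input). */
size_t pool_bytes(int nheaders, int distinct_keys) {
    struct table *t = calloc(1, sizeof *t);
    char key[32];
    if (!t) abort();
    for (int i = 0; i < nheaders; i++) {
        if (distinct_keys) snprintf(key, sizeof key, "X-Header-%04d", i);
        else strcpy(key, "User-Agent");
        table_merge(t, key, "sioux");
    }
    size_t used = t->pool_used;
    for (int i = 0; i < t->n; i++) { free(t->e[i].key); free(t->e[i].val); }
    free(t);
    return used;
}

int main(void) {
    printf("1000 identical: %zu bytes\n", pool_bytes(1000, 0));
    printf("1000 distinct:  %zu bytes\n", pool_bytes(1000, 1));
    return 0;
}
```

In this model, doubling the number of identical headers roughly quadruples the bytes charged to the pool, while distinct names grow linearly with the input.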
