httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ivan Barrera A." <Br...@Ivn.cl>
Subject Re: Timeout for requests
Date Tue, 03 May 2005 22:12:30 GMT
> You mean the httpready filter?  The accept will trigger once the buffer
> is full, so yes, large requests will defeat it eventually, but you still
> get the benefit of not tying up an Apache process until the buffer has
> been filled.  The question was regarding just opening up lots of
> connections and letting them sit there, so the request size didn't
> matter in the context of the question.
> 
> And yes, if you have KeepAlive enabled, there is no protection for
> subsequent slow or stalled requests, but there is a KeepAlive timeout
> there.  Most busy sites disable KeepAlive anyway since it is a DoS
> feature in the sense that you tend to get a lot of processes sitting
> around waiting on slow clients.
> 
> I did fix an issue last year where even with accept filtering enabled
> you could DoS any Apache server by simply opening MaxClients connections
> and trickling a carriage return to each connection very slowly.  So for
> people seeing DoS issues like this, I would suggest upgrading to the
> latest version, turning on accept filtering and turning off keepalive.
> 

I haven't been able to enable acceptfilters on linux. Where can i get a
howto or some info ?

> -Rasmus
> 

Mime
View raw message