Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 7771 invoked from network); 4 Aug 2005 09:56:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 4 Aug 2005 09:56:52 -0000 Received: (qmail 95808 invoked by uid 500); 4 Aug 2005 09:56:46 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 95747 invoked by uid 500); 4 Aug 2005 09:56:45 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 95734 invoked by uid 99); 4 Aug 2005 09:56:45 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Aug 2005 02:56:45 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [80.229.52.226] (HELO asgard.webthing.com) (80.229.52.226) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Aug 2005 02:56:35 -0700 Received: from [192.168.10.2] (asgard [192.168.10.2]) by asgard.webthing.com (Postfix) with ESMTP id ED08D6451E for ; Thu, 4 Aug 2005 10:57:40 +0100 (BST) Message-ID: <42F1E694.2050506@webthing.com> Date: Thu, 04 Aug 2005 10:57:40 +0100 From: Nick Kew User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050407) X-Accept-Language: en-us, en MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: SSL downloads faster than non SSL? References: <42EFDCB9.5010309@cfl.rr.com> <92e3673aaf98a7561602cad399ecc5c8@ricilake.net> <42EFEB8E.9000506@cfl.rr.com> <6.2.1.2.2.20050803080502.0611d6a0@pop3.rowe-clan.net> <42F0E742.2060208@cfl.rr.com> <6.2.1.2.2.20050803115813.06689220@pop3.rowe-clan.net> <42F176ED.5040704@apache.org> <6.2.1.2.2.20050804010923.03ce64f0@pop3.rowe-clan.net> In-Reply-To: <6.2.1.2.2.20050804010923.03ce64f0@pop3.rowe-clan.net> X-Enigmail-Version: 0.90.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N William A. Rowe, Jr. wrote: > At 09:01 PM 8/3/2005, Bill Stoddard wrote: > >>A monitor thread would periodically check for a transmitfile >>completion status; if the completion status is too slow in >>coming, the monitor thread cancels the io and closes the socket. > > > We really need not wait ;-) Driving home from your neck of the > woods in NC (well, a bit west in fact, near Fontana) it struck me > that for all the individuals wishing for 'absolute' timeouts on > unix platforms, it would be rather cool to cache the start time > and run a parent thread against the scoreboard, killing all the > lingering processes subject to byte-at-a-time DoS attacks in the > headers. We would obviously need to be careful of lengthy req > bodies which would take more time than the 'absolute' timeout, but > your comment reminded me that perhaps, we can kill two birds with > one stone :) We can kill processes/threads that have spent too long in any given scoreboard state: that's exactly what I needed to do when I proposed what is now ap_hook_monitor. But as for byte-at-a-time DOS attacks, I don't think (OTTOMH) it's a good solution. If we have a shortish timeout but up it for long request bodies, the DOS simply mutates to sending Content-Length: $BIG_RANDOM ... [byte] .... [byte] .... -- Nick Kew