httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Stoddard <>
Subject Re: Bandwidth Limit on Windows
Date Thu, 15 Sep 2005 20:50:22 GMT
William A. Rowe, Jr. wrote:
> Bill Stoddard wrote:
>>> My thinking on how to solve this has changed over the past year or 
>>> so... there are numerous ways to DoS an httpd server and you can't 
>>> protect against the more effective attacks at the httpd layer. 
>> I forgot the punch line here but hopefully it's obvious where I'm 
>> heading...  apr_sendfile on windows performs badly because of a 
>> misguided attempt at mitigating a particular DoS attack against the 
>> server and the cure is worse than the disease.  We should change 
>> apr_sendfile to perform optimally on Windows w/o concern for httpd 
>> level DoS attacks.
> Yup.  It's definately worth considering your alternatives.  It's also
> worth looking at what socket-level timeouts exist, or if we can start
> plugging in some higher-level timeout within the MPM.  
But they all will be gated by the basic algorithm of timeout = Timeout * sizetosend/64KB unless
we discover 
how to determine if a TransmitFile is making progress.

> When a process
> does nothing in certain phases of the request cycle after some timeout,
> simply close the socket from underneath APR.
> So how to figure out if we are making progress?  

By all means keep looking. I took a look a few months back and found nothing new. I do know
how to emulate 
event driven network i/o on windows now tho.


View raw message