httpd-dev mailing list archives

From Bill Stoddard <b...@wstoddard.com>
Subject Re: Bandwidth Limit on Windows
Date Thu, 15 Sep 2005 20:50:22 GMT
William A. Rowe, Jr. wrote:
> Bill Stoddard wrote:
> 
>>> My thinking on how to solve this has changed over the past year or 
>>> so... there are numerous ways to DoS an httpd server and you can't 
>>> protect against the more effective attacks at the httpd layer. 
>>
>>
>>
>> I forgot the punch line here but hopefully it's obvious where I'm 
>> heading...  apr_sendfile on windows performs badly because of a 
>> misguided attempt at mitigating a particular DoS attack against the 
>> server and the cure is worse than the disease.  We should change 
>> apr_sendfile to perform optimally on Windows w/o concern for httpd 
>> level DoS attacks.
> 
> 
> Yup.  It's definitely worth considering your alternatives.  It's also
> worth looking at what socket-level timeouts exist, or if we can start
> plugging in some higher-level timeout within the MPM.  
But they all will be gated by the basic algorithm of
timeout = Timeout * sizetosend/64KB unless we discover how to determine
if a TransmitFile is making progress.

> When a process
> does nothing in certain phases of the request cycle after some timeout,
> simply close the socket from underneath APR.
> 
> So how to figure out if we are making progress?  

By all means keep looking. I took a look a few months back and found
nothing new. I do know how to emulate event driven network i/o on
windows now tho.

Bill




