httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Folini <christian.fol...@netnea.com>
Subject Re: [Fwd: Slowloris]
Date Mon, 22 Jun 2009 20:46:21 GMT
On Mon, Jun 22, 2009 at 02:23:12PM +0200, Dirk-Willem van Gulik wrote:
>>> -    Seriously rewrite apache/add a worker which mimics the
>>> accept_filter.ko
>>>      of freebsd somewhat in that it as a single threaded async select()
>>> loop
>>>      which buffers things up until they are cooked enough (i.e. the
>>> client has
>>>      enough skin in the game) to hand off to a real worker.

Is not this mechanism limited to HTTP and misses HTTPS? So I
do not think it can be a general solution.

I am not an apache developer, but would not the event mpm be of
some use in this case?

Otherwise, I see a lack of granular timeout values. RSnake's
latest take can be fought with a low KeepAliveTimeout
(-> http://ha.ckers.org/blog/20090620/http-longevity-during-dos/)
One should be able to assign timeouts to other request phases too.
And it should be possible to set these timeouts in a way that a
subsequent header or a single post payload byte is not resetting
them to zero again.

Just my 2 cents

Christian Folini

-- 
If you shut your door to all errors truth will be shut out.
--- Rabindranath Tagore

Mime
View raw message