httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <>
Subject Re: Mitigating the Slowloris DoS attack
Date Wed, 24 Jun 2009 07:54:13 GMT
Akins, Brian wrote:
> On 6/22/09 10:40 PM, "Weibin Yao"<>  wrote:
>> I have an idea to mitigate the problem: put the Nginx as a reverse proxy
>> server in the front of apache.
> Or a device that effectively acts as such.
So what we did in the mid '90 when we where hit by pretty much the same 
was a bit simpler - any client which did not complete its headers within 
a a few seconds (or whatever a SLIP connection over a few k baud or so 
would need) was simply handed off by passing the file descriptor over a 
socket to a special single apache process. This one did a very single 
threaded async simple select() loop for all the laggards and would only 
pass it back to the main apache children once header reading was 
complete. This was later replaced by kernel accept filters.



View raw message