httpd-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: Mitigating the Slowloris DoS attack
Date Wed, 24 Jun 2009 08:05:17 GMT
Dirk-Willem van Gulik wrote:

> So what we did in the mid '90s when we were hit by pretty much the same
> was a bit simpler - any client which did not complete its headers within
> a few seconds (or whatever a SLIP connection over a few k baud or so
> would need) was simply handed off by passing the file descriptor over a
> socket to a special single apache process. This one did a very single
> threaded async simple select() loop for all the laggards and would only
> pass it back to the main apache children once header reading was
> complete. This was later replaced by kernel accept filters.

Are kernel accept filters widespread enough for it to be reasonably
considered a generic solution to the problem? If so, then the solution
to this problem is to just configure them correctly, and you're done.

Regards,
Graham
--
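
The holding loop described in the quoted message, as an added example (not code from Apache httpd or from either poster): one pass of a single-threaded select() loop that keeps slow connections parked until the blank line ending the headers arrives. The type and function names, the 8192-byte header cap and the hard drop deadline are assumptions of this example.

```c
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <time.h>

enum verdict { LAG_WAIT, LAG_READY, LAG_DROP };

struct laggard {              /* one slow client parked in the holding process */
    int fd;
    time_t accepted;          /* when the connection was accepted */
    size_t len;               /* header bytes buffered so far */
    char buf[8192];           /* assumed cap on total header size */
};

/* One pass of the single-threaded loop over all parked connections.
 * READY: blank line seen, pass fd and buf back to a worker.
 * DROP: peer closed, headers hit the cap, or the deadline passed. */
void laggards_sweep(struct laggard *set, int n, time_t now, int deadline_s,
                    enum verdict *out)
{
    fd_set rd;
    struct timeval tick = {0, 0};   /* poll only; a real loop would sleep here */
    int i, maxfd = -1;

    FD_ZERO(&rd);
    for (i = 0; i < n; i++) {
        FD_SET(set[i].fd, &rd);
        if (set[i].fd > maxfd) maxfd = set[i].fd;
    }
    if (select(maxfd + 1, &rd, NULL, NULL, &tick) < 0)
        FD_ZERO(&rd);               /* on error, treat nothing as readable */
    for (i = 0; i < n; i++) {
        struct laggard *l = &set[i];
        out[i] = (now - l->accepted > deadline_s) ? LAG_DROP : LAG_WAIT;
        if (!FD_ISSET(l->fd, &rd))
            continue;
        ssize_t r = recv(l->fd, l->buf + l->len, sizeof l->buf - 1 - l->len, 0);
        if (r <= 0) { out[i] = LAG_DROP; continue; }
        l->len += (size_t)r;
        l->buf[l->len] = '\0';
        if (strstr(l->buf, "\r\n\r\n"))
            out[i] = LAG_READY;
        else if (l->len == sizeof l->buf - 1)
            out[i] = LAG_DROP;
    }
}
```

select() only handles descriptors below FD_SETSIZE, so a loop holding many connections would apply the same logic with poll() or a kernel event interface.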
