httpd-dev mailing list archives

From Nick Kew <n...@webthing.com>
Subject mod_noloris: mitigating against slowloris-style attack
Date Thu, 25 Jun 2009 13:39:50 GMT
I was just thinking about a quick&dirty fix we could offer
to admins who are suddenly concerned about DoS attack.

The following, backed by dbm or memcache and assuming configurable
default and per-host concurrent connection limits, looks like an
outline candidate and works as a module:

#include "httpd.h"
#include "http_connection.h"

static int noloris_conn(conn_rec *conn)
{
     /* kludge: just limit the number of connections per-ip */
     /* increment num-conn-from-host
      * register pool cleanup to decrement it
      * limit = per-host-limit || default-limit
      * if (num-conn > limit) {
      *     drop connection;
      *     return OK;
      * }
      */
     return DECLINED;
}
static void noloris_hooks(apr_pool_t *p)
{
     ap_hook_process_connection(noloris_conn, NULL, NULL, APR_HOOK_FIRST);
}

/* module record so the sketch can be loaded */
module AP_MODULE_DECLARE_DATA noloris_module = {
    STANDARD20_MODULE_STUFF, NULL, NULL, NULL, NULL, NULL, noloris_hooks
};

Is this worth hacking up, or more trouble than it saves?

-- 
Nick Kew

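The counting logic the sketch above describes (increment per host on connect, decrement on pool cleanup, per-host limit falling back to a default), as an added stand-alone C model for illustration; it is not mod_noloris code and uses a fixed in-memory table, function names and a default limit of 10 that are all assumptions.

```c
#include <string.h>
#define MAX_HOSTS 64
#define DEFAULT_LIMIT 10               /* assumed default-limit */

/* One tracked client; limit == 0 means "use DEFAULT_LIMIT". */
struct host_entry { char ip[46]; int conns; int limit; };
static struct host_entry table[MAX_HOSTS];
static int nhosts;

static struct host_entry *lookup(const char *ip, int create)
{
    for (int i = 0; i < nhosts; i++)
        if (strcmp(table[i].ip, ip) == 0) return &table[i];
    if (!create || nhosts == MAX_HOSTS) return NULL;
    struct host_entry *e = &table[nhosts++];
    strncpy(e->ip, ip, sizeof e->ip - 1);
    e->ip[sizeof e->ip - 1] = '\0';
    e->conns = 0; e->limit = 0;
    return e;
}

/* Set a per-host limit (the "per-host-limit" in the sketch). */
int noloris_set_limit(const char *ip, int limit)
{
    struct host_entry *e = lookup(ip, 1);
    if (!e) return -1;
    e->limit = limit;
    return 0;
}

/* Connection arrives (the noloris_conn step): admit and count it,
 * or return 0 to say it should be dropped because the host is at its limit. */
int noloris_accept(const char *ip)
{
    struct host_entry *e = lookup(ip, 1);
    if (!e) return 1;   /* table full: cannot track, so admit; a shared store avoids this */
    int limit = e->limit > 0 ? e->limit : DEFAULT_LIMIT;
    if (e->conns >= limit) return 0;
    e->conns++;
    return 1;
}

/* Pool-cleanup step: the connection closed, undo the increment. */
void noloris_release(const char *ip)
{
    struct host_entry *e = lookup(ip, 0);
    if (e && e->conns > 0) e->conns--;
}

int noloris_count(const char *ip) { struct host_entry *e = lookup(ip, 0); return e ? e->conns : 0; }
```

The counts here live in a single process; the dbm or memcache backing mentioned in the sketch is what would make them shared across Apache's worker processes.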