httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Akins, Brian" <Brian.Ak...@turner.com>
Subject Re: svn commit: r790205 - /httpd/httpd/trunk/modules/experimental/mod_noloris.c
Date Thu, 02 Jul 2009 14:00:31 GMT
On 7/2/09 8:37 AM, "Nick Kew" <nick@webthing.com> wrote:

> Not everyone who's concerned right now about slowloris has
> iptables at their disposal.

Also, not everyone has access to the "real" IP very early in the connection
phase.  Some load balancers add the IP as a header.  Generally speaking,
most load balancers can handle many times more connections than the actual
webservers (even when there are many webservers).  Some load balancers per
IP blocking schemes are either nonexistent or just don't work.  Perhaps this
is beyond the scope of this discussion, but it is an unfortunate reality for
some folks.

-- 
Brian Akins


Mime
View raw message