httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bojan Smojver <bo...@rexursive.com>
Subject Re: Crazy slowloris mitigation patch
Date Sun, 18 Oct 2009 22:22:51 GMT
On Mon, 2009-10-19 at 00:00 +0200, Stefan Fritsch wrote:
> Randomly killing possibly legitimate connections is some kind of DoS, 
> too.

For sure. Anything we do, including reducing connection timeout on a
heavily loaded server is DoS. We just pick the type of DoS we want,
instead of the one attacker wants :-)

> But it's probably better than the current behaviour. It could 
> even improve the situation in the case where many processes are stuck 
> waiting for a broken ldap/backend/etc. server.

Yep, that's the deal.

> In any case, you should try to kill workers with SERVER_BUSY_KEEPALIVE
> before randomly killing processes.

True.

I meant the patch more as a proof of concept than a real solution (that
SIGINT is a poke in the eye and I haven't touched worker at all). I've
attached what you probably meant anyway.

-- 
Bojan

Mime
View raw message