httpd-dev mailing list archives

From Stefan Fritsch
Subject Re: Crazy slowloris mitigation patch
Date Sun, 18 Oct 2009 09:15:35 GMT
On Sunday 18 October 2009, Bojan Smojver wrote:
> But the real deal is that there is a finite amount of resources we
>  have (be that sockets, threads or processes) and we need to decide
>  how we are willing to dole these out.

What about defining an API to determine if the server has a resource 
shortage and then make various parts of Apache react to that, e.g.

- reduce KeepAliveTimeout
- increase MinRateLimit in mod_reqtimeout
- decrease MaxClientConnections in mod_noloris
- increase minimum download rate requirement (mod_bwlimit?)
- kill connections in BUSY_READ state

Maybe this could be a two step process, e.g. start reducing timeouts 
when 80% of the threads are in use and start killing connections in 
BUSY_READ or keepalive state when all threads are busy.

This would be a more general version of the patch posted here a few 
months back, which dynamically adjusted Timeout depending on the 
server load.

But I fear this would only be effective if there is a way to also 
influence threads that are blocking on IO.
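
The two-step process proposed in the message above, sketched as an added example; it is not code from the list, from the patch under discussion or from httpd. All type and function names, the snapshot data and the divide-by-four timeout reduction are assumptions; the 80% and all-threads-busy thresholds are the ones the message suggests.

```c
#include <stddef.h>
#include <stdio.h>

/* All names here are hypothetical; none of this is httpd API. */
enum slot_state { SLOT_IDLE, SLOT_BUSY_READ, SLOT_BUSY_WRITE, SLOT_KEEPALIVE };
enum pressure { PRESSURE_NONE, PRESSURE_HIGH, PRESSURE_EXHAUSTED };
struct slot { enum slot_state state; unsigned secs_in_state; };
/* Constructed scoreboard snapshots: 2/5, 4/5 and 5/5 workers in use. */
static const struct slot calm[5] = { {SLOT_BUSY_READ, 2}, {SLOT_KEEPALIVE, 4} };
static const struct slot loaded[5] = { {SLOT_BUSY_READ, 30}, {SLOT_BUSY_WRITE, 1},
    {SLOT_KEEPALIVE, 9}, {SLOT_BUSY_READ, 50} };
static const struct slot full[5] = { {SLOT_BUSY_WRITE, 3}, {SLOT_BUSY_READ, 40},
    {SLOT_KEEPALIVE, 12}, {SLOT_BUSY_READ, 95}, {SLOT_BUSY_WRITE, 1} };

/* Classify load: >= 80% of workers in use is HIGH, all in use is EXHAUSTED. */
enum pressure server_pressure(const struct slot *s, size_t n)
{
    size_t busy = 0;
    for (size_t i = 0; i < n; i++)
        if (s[i].state != SLOT_IDLE) busy++;
    if (n && busy == n) return PRESSURE_EXHAUSTED;
    return (n && busy * 100 >= n * 80) ? PRESSURE_HIGH : PRESSURE_NONE;
}

/* Step 1: under pressure, shrink a configured timeout (never below 1s). */
unsigned effective_timeout(unsigned configured, enum pressure p)
{
    if (p == PRESSURE_NONE) return configured;
    return configured / 4 ? configured / 4 : 1;  /* divisor is an assumption */
}

/* Step 2: when exhausted, pick the slot longest in BUSY_READ or keepalive. */
long pick_victim(const struct slot *s, size_t n, enum pressure p)
{
    long victim = -1;
    if (p != PRESSURE_EXHAUSTED) return victim;  /* only shed at 100% */
    for (size_t i = 0; i < n; i++)
        if ((s[i].state == SLOT_BUSY_READ || s[i].state == SLOT_KEEPALIVE) &&
            (victim < 0 || s[i].secs_in_state > s[victim].secs_in_state))
            victim = (long)i;
    return victim;
}

int main(void)
{
    enum pressure p = server_pressure(full, 5);
    printf("%d %u %ld\n", (int)p, effective_timeout(15, p), pick_victim(full, 5, p));
    return 0;
}
```

`pick_victim` only names a slot; getting a thread that is blocked on I/O to give that slot up is the open problem the message ends on.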
