Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E1D0010476 for ; Tue, 30 Apr 2013 19:01:41 +0000 (UTC) Received: (qmail 65915 invoked by uid 500); 30 Apr 2013 19:01:41 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 65746 invoked by uid 500); 30 Apr 2013 19:01:41 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 65735 invoked by uid 99); 30 Apr 2013 19:01:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Apr 2013 19:01:41 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of h.reindl@thelounge.net designates 91.118.73.15 as permitted sender) Received: from [91.118.73.15] (HELO mail.thelounge.net) (91.118.73.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Apr 2013 19:01:36 +0000 Received: from srv-rhsoft.rhsoft.net (openvpn-rh.thelounge.net [10.0.0.241]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (THELOUNGE MTA) with ESMTPSA id 3b0XBz25L2z2j for ; Tue, 30 Apr 2013 21:01:15 +0200 (CEST) Message-ID: <518014FA.1030809@thelounge.net> Date: Tue, 30 Apr 2013 21:01:14 +0200 From: Reindl Harald Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130402 Thunderbird/17.0.5 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: URL scanning by bots References: <517F96F0.3090004@ice-sa.com> <517F997C.6040606@thelounge.net> In-Reply-To: X-Enigmail-Version: 1.5.1 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2OEUGTLKBULESRKGDXJUT" X-Virus-Checked: Checked by ClamAV on apache.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2OEUGTLKBULESRKGDXJUT Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Am 30.04.2013 20:38, schrieb Ben Laurie: > On 30 April 2013 11:14, Reindl Harald wrote: >> no - this idea is very very bad and if you ever saw a >> DDOS-attack from 10 thousands of ip-addresses on a >> machine you maintain you would not consider anything >> which makes responses slower because it is the wrong >> direction >=20 > There's no reason to make this a DoS vector - clearly you can queue > all the delayed responses in a single process and not tie up available > processes. And if that process gets full, you just drop them on the > floor PLEASE inform you how a server works * you have at least a lot of open connections * you will overload port and/or file-hanlde ressources * delay respones is purely idiotic * on any server with load you will ALWAYS get rid of connections as fast as possible in ANY situation and context PLEASE come back until you understood why delay responses is simply idiotic, even for regular sites if they have noticeable load and a lot of 404 because a relaunch or whatever bug > In general, I hate the argument that improvement X has obvious > workaround A and therefore we should not bother with it. It's > absolutely impossible to make forward progress in security with that > attitude and with your attitude propose things while not understand any basics it would be a imporvment of what possible? ------enig2OEUGTLKBULESRKGDXJUT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGAFPoACgkQhmBjz394AnmX6ACdG2B/nWz0P0z56ha/DqWBiQtp cWoAnihAsTTvpnckoH7qGB/0srYiX1cl =o9s8 -----END PGP SIGNATURE----- ------enig2OEUGTLKBULESRKGDXJUT--