httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: DOS-Protection: RequestReadTimeout-like option missing
Date Sat, 11 May 2013 19:22:28 GMT

Am 11.05.2013 21:14, schrieb Stefan Fritsch:
> On Saturday 11 May 2013, Reindl Harald wrote:
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=41270 is most
>> likely unrelated to the problem i see, but nobody and nothing
>> needs 30 seconds to complete a TCP connection, most requests
>> including the time of a php-script does not take more than 0.5
>> seconds at all
> 
> For mobile clients using a busy network cell, many seconds are not 
> unreaslistic. 

before send a single byte after connect?
unlikely!

The 30 seconds are a good default because they are
> unlikely to break legitimate clients. But it would be nice to be able 
> to configure different values, in case of an active DoS attack

thats my point, the problem currently in case of a DDOS is
you can not get rid of this connections never send any byte
after connect without lower the overall timeout to a value
where it breaks randomly web-applications even without attacks




Mime
View raw message