httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Houser, Rick" <Houser.R...@aoins.com>
Subject RE: correct hook function after accepting connection
Date Fri, 28 Aug 2009 17:18:10 GMT
> However, I would suggest that connections are better dropped at
> IP-level (by firewall rules/iptables) or by using

I agree for blocking access, however a module that was to add something
like a per-IP connection-rate or simultaneous connection limit could be
a nice gem for the toolbox, too :).


Thanks,

Rick Houser
Auto-Owners Insurance
Systems Support
 

> -----Original Message-----
> From: Sorin Manolache [mailto:sorinm@gmail.com] 
> Sent: Friday, August 28, 2009 10:34 AM
> To: modules-dev@httpd.apache.org
> Subject: Re: correct hook function after accepting connection
> 
> On Fri, Aug 28, 2009 at 16:06, Robert Schulze<rs@bytecamp.net> wrote:
> > Hi,
> >
> > is there a hook for dealing with connections *before* any 
> http data is read?
> > The reason for this todo would be dropping connections from 
> hosts without
> > ever reading the request - keeping slowloris in mind.
> >
> > With kind regards,
> >
> > Robert Schulze
> >
> 
> You have a choice among these:
> 
> pre_connection(conn_rec *, void *)
> process_connection(conn_rec *)
> 
> If return != OK && != DECLINED => connection is not processed.
> 
> However, I would suggest that connections are better dropped at
> IP-level (by firewall rules/iptables) or by using
> 
> Order allow,deny
> Allow from all
> Deny from the_ips_you_want_to_reject
> 
> Regards,
> S
> 
> -- 
> A: Because it reverses the logical flow of conversation.
> Q: Why is top-posting frowned upon?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
> 
> 


Mime
View raw message