Return-Path: Delivered-To: apmail-httpd-modules-dev-archive@minotaur.apache.org Received: (qmail 51100 invoked from network); 28 Aug 2009 17:34:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 28 Aug 2009 17:34:59 -0000 Received: (qmail 21614 invoked by uid 500); 28 Aug 2009 14:34:43 -0000 Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org Received: (qmail 21571 invoked by uid 500); 28 Aug 2009 14:34:43 -0000 Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: modules-dev@httpd.apache.org Delivered-To: mailing list modules-dev@httpd.apache.org Received: (qmail 21561 invoked by uid 99); 28 Aug 2009 14:34:43 -0000 Received: from Unknown (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Aug 2009 14:34:43 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of sorinm@gmail.com designates 209.85.220.220 as permitted sender) Received: from [209.85.220.220] (HELO mail-fx0-f220.google.com) (209.85.220.220) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Aug 2009 14:34:19 +0000 Received: by fxm20 with SMTP id 20so1662262fxm.24 for ; Fri, 28 Aug 2009 07:33:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=fGBHi4IOPBDIhS1dkDa5w8URVuCQBur6CpDetrCpjSk=; b=oZWQmAkEk6b4SKHZ1ao6jMEn+EcaEeRCxyhFGEnmcF5ECoiO4ryTpXBRoD32zzO3cP SGHaMa3rs+8njQiy+FI+w1Yoj1Qq4h+zyWV4Sm92cNuDv1FiWhFgcN1EfpTtLG5s3AE+ KBTZ3yLI6MYYUabFDXuoT0Nab9ZLUNevBBkko= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=ifeFU7nNPXnNbE2L8K3CDy6Jz8ReyLs6fW8a+ADX/H1ONNLENvohAAdiVMFZ6c3FlS KrsyPQ8S+vWQPrFB+TDTN6q2ZQHIqhuCtbSXJgWi9YyBw0V43wRv1FmTzZezLz4SSkUv /McU/Q2K+JmTEjX7VvsNXdVPVZbFVCZgwzwgs= MIME-Version: 1.0 Received: by 10.103.125.19 with SMTP id c19mr327084mun.59.1251470038775; Fri, 28 Aug 2009 07:33:58 -0700 (PDT) In-Reply-To: <4A97E44B.4070604@bytecamp.net> References: <4A97E44B.4070604@bytecamp.net> Date: Fri, 28 Aug 2009 16:33:58 +0200 Message-ID: <20170a030908280733l2a6d407bg4393845241eb0c90@mail.gmail.com> Subject: Re: correct hook function after accepting connection From: Sorin Manolache To: modules-dev@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org On Fri, Aug 28, 2009 at 16:06, Robert Schulze wrote: > Hi, > > is there a hook for dealing with connections *before* any http data is read? > The reason for this todo would be dropping connections from hosts without > ever reading the request - keeping slowloris in mind. > > With kind regards, > > Robert Schulze > You have a choice among these: pre_connection(conn_rec *, void *) process_connection(conn_rec *) If return != OK && != DECLINED => connection is not processed. However, I would suggest that connections are better dropped at IP-level (by firewall rules/iptables) or by using Order allow,deny Allow from all Deny from the_ips_you_want_to_reject Regards, S -- A: Because it reverses the logical flow of conversation. Q: Why is top-posting frowned upon? A: Top-posting. Q: What is the most annoying thing in e-mail?