httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Erenkrantz <jerenkra...@apache.org>
Subject Re: Flood?, WAS: RE: www & jakarta.apache.org not responding on port 80 or 22
Date Wed, 25 Sep 2002 23:12:43 GMT
On Wed, Sep 25, 2002 at 11:23:21PM +0200, Sander Striker wrote:
> > -----Original Message-----
> > From: Bill Moseley [mailto:moseley@hank.org]
> > Sent: 25 September 2002 21:14
> 
> [...]
> > BTW -- maybe it's not such a good idea that Flood uses search.apache.org as
> > an example site to test with in its docs... ;)
> 
> Please tell me it ain't so...

Well, it is, but that's not going to be causing 500 swish-e requests
constantly.  It might do about 15 swish-e request in total depending
upon which example they use (3 per profile run, 5 times).  Does anyone
have any knowledge that these DoSes are caused by malicious use of
flood?  If so, I want to buy the script kiddie a beer at ApacheCon.

Someone using flood maliciously could tweak the parameters anyway.
I think the value of having examples which actually do something is
worth it.  If we were to switch it to example.com, the examples wouldn't
work because we need a site that is operational to generate data so
flood can work (the profiles can use data from the previous request to
generate the next request).  So, providing examples that could never
work I think is a bad thing to do.  (Especially given that flood
relies on contacting a server, so you can't easily setup a page which
shows how to use these features.)  Using example.com makes more sense
for a server, but I think it makes no sense for showcasing a client.

I've suggested before setting up a test-only server within the ASF
domain for flood's usage and received zero feedback.

"Flood doesn't kill sites, people do." -- justin

Mime
View raw message