httpd-users mailing list archives

From Brian Dessent <br...@dessent.net>
Subject Re: [users@httpd] Possible DDOS attack... ?
Date Tue, 21 Oct 2003 20:19:58 GMT
Gil Disatnik wrote:

> Access log shows the following on the client connecting:
> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
> 
> however - it does show it requests around the many elements concurrently
> 
> Maybe it's a user who tweaked his IE to gain "extra speed"?

Could very well be.  There's a registry key that you can change that
sets this value.  I think it defaults to 2 for http/1.0 connections and
4 for http/1.1.  I am pretty sure I've seen more than one of these
"internet connection optimizer" programs that screw around with these
settings.

> concurrent gets, I simply wish to make sure apache will not spawn more than
> 4 children to attend each client request, and in case a client tries to get
> more than 4 - apache shall simply let his gets wait until previous gets
> have finished... Is there a way to do that?

I don't think that's possible.  Apache doesn't know anything about who
is making each request.  All it knows is that when a request comes in,
it has three options: hand it off to an idle worker, create an idle
worker if one doesn't exist and # < MaxClients, or let the request wait
in the listen queue until there is a free worker.  And I'm not sure
here, but once Apache calls accept() on a connection, there's no way to
undo that and "put it back in the queue."  So in other words, in order
to attempt to do what you want, Apache would have to first accept the
connection (so that it could determine who's on the other end) but once
it's done this it now has that connection in the open state, there's no
way to undo that and put it back in the queue.  I suppose it could let
the connection dangle and not hand it off to a worker, but I'm not sure
if that would scale very well -- it might make Apache more vulnerable to
a denial of service attack.  It's much safer if you don't accept() the
connection until you're ready to deal with it and let the TCP/IP stack
manage the queue.

Brian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
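The accept model Brian describes above (hand the connection to an idle worker, spawn one if under MaxClients, otherwise leave it in the listen queue and let the TCP/IP stack hold it) can be seen in a small worker-pool server. This is an added example, written for this archive page; it is not code from the thread or from the Apache HTTP Server project. MAX_CLIENTS and LISTEN_BACKLOG are assumed stand-ins for Apache's MaxClients and ListenBacklog, the server runs on loopback with one thread per accepted connection, and the workers block on an event so the demo can hold them busy on purpose. The acceptor calls accept() only once a worker slot is free, so the surplus connections finish their handshake in the kernel backlog and are never accepted-and-dangling inside the server.

```python
import socket
import threading
import time

MAX_CLIENTS = 2      # assumed stand-in for Apache's MaxClients
LISTEN_BACKLOG = 16  # assumed stand-in for Apache's ListenBacklog


class PoolServer:
    """Toy server: a fixed pool of worker slots, and an acceptor that only
    calls accept() once a slot is free. Connections beyond the pool size
    complete their handshake and wait in the kernel's listen backlog; the
    server never holds an accepted-but-unserved connection."""

    def __init__(self, max_clients=MAX_CLIENTS, backlog=LISTEN_BACKLOG):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(("127.0.0.1", 0))   # ephemeral port on loopback
        self.sock.listen(backlog)
        self.port = self.sock.getsockname()[1]
        self.free_slots = threading.Semaphore(max_clients)
        self.lock = threading.Lock()
        self.in_flight = 0        # accepted connections currently held by a worker
        self.peak_in_flight = 0   # highest in_flight ever observed
        self.served = 0
        self.release = threading.Event()  # workers wait on this so the demo can keep them busy
        self.stop = threading.Event()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while not self.stop.is_set():
            # Wait for a free worker slot BEFORE calling accept(); until then the
            # pending connection stays in the kernel's listen queue.
            if not self.free_slots.acquire(timeout=0.1):
                continue
            if self.stop.is_set():
                break
            try:
                conn, _ = self.sock.accept()
            except OSError:   # listening socket was shut down
                break
            with self.lock:
                self.in_flight += 1
                self.peak_in_flight = max(self.peak_in_flight, self.in_flight)
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    def _serve(self, conn):
        try:
            self.release.wait()   # stand-in for a busy worker
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")
            with self.lock:
                self.served += 1
        finally:
            with self.lock:
                self.in_flight -= 1
            conn.close()
            self.free_slots.release()   # slot becomes free only after the connection is closed

    def close(self):
        self.stop.set()
        self.release.set()
        try:
            self.sock.shutdown(socket.SHUT_RDWR)   # wakes a blocked accept() on Linux
        except OSError:
            pass
        self.sock.close()


def read_all(sock):
    """Read until the peer closes the connection."""
    chunks = []
    while True:
        data = sock.recv(1024)
        if not data:
            return b"".join(chunks)
        chunks.append(data)


def demo(total_clients=5, max_clients=MAX_CLIENTS):
    """Open more connections than there are worker slots, observe how many the
    server has actually accepted while its workers are busy, then let the
    workers finish so the acceptor drains the backlog."""
    srv = PoolServer(max_clients=max_clients)
    # Constructed client load: every connect() completes immediately because the
    # kernel finishes the handshake and queues the connection in the backlog.
    clients = [socket.create_connection(("127.0.0.1", srv.port), timeout=5)
               for _ in range(total_clients)]
    time.sleep(0.3)                      # let the acceptor take what it can
    with srv.lock:
        accepted_while_busy = srv.in_flight
    srv.release.set()                    # workers reply and close; slots free up
    responses = [read_all(c) for c in clients]
    for c in clients:
        c.close()
    srv.close()
    return {
        "accepted_while_busy": accepted_while_busy,   # == max_clients
        "peak_in_flight": srv.peak_in_flight,         # never exceeds max_clients
        "served": srv.served,                         # == total_clients
        "all_answered": all(r.endswith(b"ok") for r in responses),
    }


if __name__ == "__main__":
    print(demo())
```

With five clients and two slots, only two connections are ever inside the server at once; the other three sit in the kernel backlog until a slot frees, and all five are still answered. Flipping the order (accept first, then look for a worker) is exactly the design Brian warns against: the server would own every queued connection's state and have to decide what to do with it, instead of letting the kernel's backlog limit do the work.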

