httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] New DOS HTTP tool
Date Fri, 19 Jun 2009 13:41:17 GMT
On Thu, 2009-06-18 at 08:48 +0100, Nick Kew wrote:
> On 17 Jun 2009, at 21:59, Julien Pauli wrote:
> 
> > Any suggestions, ideas ? ;)
> 
> OhBugger.  I meant to test-drive this before it went (fully) public.
> 
> If you want to be helpful with this, you might like to test-drive
> how the following affect this:
>    * Event MPM over others (and Worker over Prefork)
>    * AcceptFilters
>    * mod_evasive and bandwidth modules
> on your choice of platform.
> 

I did a little testing with this. All my testing was on FreeBSD 7.2,
httpd 2.2.11, with prefork and event MPMs.

The tool had few problems DoS'ing a prefork MPM, it normally consumed
all resources within the first 10-15 seconds. 
With event MPM, it barely affected it at all. 

We've encountered this in the wild - sort of. A misbehaving client was
(accidentally) generating hundreds of keep-alive connections, and
managed to stop our prefork MPM based proxies from serving any requests.
This was the final proof to my manager to allow me to replace them with
event MPM proxies :)

Nick, do you know how far along httpd 2.3 is? We use event MPM for our
client facing reverse proxies, but we still have to use prefork in our
organization for our SSL reverse proxies. As I understand the docs, the
limitation of mod_ssl not working with event is gone in trunk?

Cheers

Tom


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message