Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 99837 invoked from network); 25 Jun 2009 16:59:55 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 25 Jun 2009 16:59:55 -0000 Received: (qmail 77505 invoked by uid 500); 25 Jun 2009 17:00:03 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 77484 invoked by uid 500); 25 Jun 2009 17:00:03 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 77475 invoked by uid 99); 25 Jun 2009 17:00:03 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 Jun 2009 17:00:03 +0000 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [72.167.82.86] (HELO p3plsmtpa01-06.prod.phx3.secureserver.net) (72.167.82.86) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 25 Jun 2009 16:59:52 +0000 Received: (qmail 9465 invoked from network); 25 Jun 2009 16:59:31 -0000 Received: from unknown (76.252.112.72) by p3plsmtpa01-06.prod.phx3.secureserver.net (72.167.82.86) with ESMTP; 25 Jun 2009 16:59:30 -0000 Message-ID: <4A43ACE6.9030105@rowe-clan.net> Date: Thu, 25 Jun 2009 11:59:18 -0500 From: "William A. Rowe, Jr." User-Agent: Thunderbird 2.0.0.22 (Windows/20090605) MIME-Version: 1.0 To: users@httpd.apache.org References: <24194473.post@talk.nabble.com> <4A432EDD.3080206@ice-sa.com> <24203038.post@talk.nabble.com> <4A437958.1020604@ice-sa.com> <4A43950A.30607@rowe-clan.net> <1245947632.2437.203.camel@strangepork.london.mintel.ad> In-Reply-To: <1245947632.2437.203.camel@strangepork.london.mintel.ad> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Setting the Timeout directive to refrain a DoS attacks Tom Evans wrote: > > It is a bit like an arms race - I guess a solution could be to use a > dedicated thread for reading in POST bodies. This is why IIS appears to the author that is invulnerable; IIS does fill an initial buffer, at least 64k worth. Exhaust that buffer and it should cripple IIS just fine. Because ultimately, you are not going to 'read POST bodies' as a specific functional step. They are of arbitrary length. I can POST an entire .iso dvd image. If not consumed while read, this operational step would be a joke, and you have a whole new DoS vector. If Apache 3.0 event MPM becomes free-threaded, this situation goes away; while waiting for more POST content, the request handler and modules would not occupy a thread at all. Look forward to the dire warnings of the evils of threading, all over again, as third party modules are discovered to be buggy, and are slowly fixed or forgotten. > The best way to stop slowloris is to not allow a single user to cripple > your server in this way, by restricting the number of connections a > single IP can have to your servers. That of course, only leads to it > becoming a DDoS rather than a DoS. Precisely. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org