Re: How to prevent from simple DoS?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Joshua Slive <joshua@xxxxxxxx> wrote:
Apache httpd does log when a connection hits a TimeOut. (Or if it
doesn't, that is certainly a bug that should be reported.) So I don't
really understand the premise here.
If you hit the timeout, the request is logged in the error log at loglevel error.
That much is true. But it is not very difficult to work around the timeout.
It is usually reset after every TCP package as it is being recieved. Even for
the header phase on those apache servers I checked. (However, the
documentation advertises "The total amount of time it takes to receive a GET
request.")
If I work around the timeout n times
and finally send a valid request,
then I am able to block a thread/process for n * timeout - 1 and nothing
appears in the logfile. There are the header limit directives, but it is
hardly possible to set them to very low values and besides: who
cares about headers, when there is a request body do be slowed down.
As a sidenote: netstat on Linux reveals a few interesting timing infos.
Other operation systems seem to be less verbose in this regard.
For ideas on reducing your carbon footprint visit Yahoo! For Good this month.
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
