Tom Evans wrote:
On Thu, 2009-06-18 at 08:48 +0100, Nick Kew wrote:On 17 Jun 2009, at 21:59, Julien Pauli wrote:Any suggestions, ideas ? ;)OhBugger. I meant to test-drive this before it went (fully) public. If you want to be helpful with this, you might like to test-drive how the following affect this: * Event MPM over others (and Worker over Prefork) * AcceptFilters * mod_evasive and bandwidth modules on your choice of platform.I did a little testing with this. All my testing was on FreeBSD 7.2, httpd 2.2.11, with prefork and event MPMs. The tool had few problems DoS'ing a prefork MPM, it normally consumedall resources within the first 10-15 seconds. With event MPM, it barely affected it at all.
Thanks for testing that. I'm just running the same now on OpenSolaris, and I anticipate similar results.
Nick, do you know how far along httpd 2.3 is? We use event MPM for our client facing reverse proxies, but we still have to use prefork in our organization for our SSL reverse proxies. As I understand the docs, the limitation of mod_ssl not working with event is gone in trunk?
That's a yes-and-no. The limitation is worked around (and I think backported to recent-2.2) by falling back to Worker-like behaviour for SSL connections. That'll make another interesting slowloris test. -- Nick Kew --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|