> if (ip_count > conf->limit) {
>     ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
>                  "Rejected, too many connections in READ state from %s",
>                  c->remote_ip);
>     return OK;
> } else {
>     return DECLINED;
> }

I figured out what OK and DECLINED mean. In httpd.h:

    #define DECLINED -1  /**< Module declines to handle */
    #define DONE     -2  /**< Module has served the response completely
                          *   - it's safe to die() with no more output */
    #define OK        0  /**< Module has handled this stage. */

In other words, by returning OK it's telling Apache that we're pretty much done processing the request. DECLINED means we didn't do anything and some other module must handle this request.

I tried changing OK to DONE in the mod_antiloris code, thinking it may close the connection and kill the child process sooner. However, regardless of returning OK or DONE when ip_count is greater than conf->limit, the 80 child processes (corresponding to MaxClients 80) linger on my system during the attack. I can still DoS attack my webserver from a single client.

Is there any way to prevent even forking a child process if the TCP connection comes from an IP address for which there are already a certain number of child processes?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
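As an added illustration of the check the quoted hook performs (this is not mod_antiloris' or httpd's own code), here is a stand-alone simulation: a worker table is scanned for slots in READ state belonging to one client IP, and the hook's OK/DECLINED decision is taken from that count. The slot struct, state names, sample addresses and the limit values are all constructed for the example; real httpd uses its scoreboard and APR types instead.

```c
/* Constructed simulation of the per-IP "connections in READ state" check.
 * Stand-in types below are hypothetical, not Apache's scoreboard structures. */
#include <stdio.h>
#include <string.h>

#define DECLINED -1   /* as in httpd.h: let other modules handle it */
#define OK        0   /* as in httpd.h: this stage has been handled */

/* Hypothetical stand-in for one worker's scoreboard slot. */
typedef enum { SLOT_READY, SLOT_BUSY_READ, SLOT_BUSY_WRITE } slot_state;
typedef struct { slot_state state; char client_ip[46]; } worker_slot;

/* Count workers currently reading a request from the given client IP. */
int count_read_state(const worker_slot *board, int slots, const char *ip)
{
    int n = 0;
    for (int i = 0; i < slots; i++)
        if (board[i].state == SLOT_BUSY_READ && strcmp(board[i].client_ip, ip) == 0)
            n++;
    return n;
}

/* The decision the quoted hook makes: OK rejects (the worker stops processing
 * this connection), DECLINED lets the request continue. This runs inside a
 * child that has already accepted the connection, so it decides what that
 * worker does next; it cannot stop the worker from having been occupied. */
int antiloris_decision(const worker_slot *board, int slots, const char *ip, int limit)
{
    if (count_read_state(board, slots, ip) > limit) {
        fprintf(stderr, "Rejected, too many connections in READ state from %s\n", ip);
        return OK;
    }
    return DECLINED;
}

/* Constructed worker table: four slots, three reading from the same client. */
static const worker_slot sample_board[] = {
    { SLOT_BUSY_READ,  "203.0.113.5" },
    { SLOT_BUSY_READ,  "203.0.113.5" },
    { SLOT_BUSY_READ,  "203.0.113.5" },
    { SLOT_BUSY_WRITE, "198.51.100.7" },
};
#define SAMPLE_SLOTS ((int)(sizeof sample_board / sizeof sample_board[0]))

int main(void)
{
    printf("limit 2 -> %d, limit 5 -> %d\n",
           antiloris_decision(sample_board, SAMPLE_SLOTS, "203.0.113.5", 2),
           antiloris_decision(sample_board, SAMPLE_SLOTS, "203.0.113.5", 5));
    return 0;
}
```

With limit 2 the third reader from 203.0.113.5 is rejected (OK); with limit 5 it is allowed through (DECLINED).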