While playing with slowloris against prefork, I wrote the attached craziness.
I had httpd under slowloris attack (which would normally completely DOS the server) and it seems that the attached patch made it handle the requests. Sure, there was a lot of carnage in the process (child processes dying), but somehow it made it better. Laugh away... :-) -- Bojan
--- httpd-2.2.14/server/mpm/prefork/prefork.c 2009-02-01 07:54:55.000000000 +1100 +++ httpd-2.2.14-p/server/mpm/prefork/prefork.c 2009-10-15 17:44:40.214662851 +1100 @@ -862,6 +862,7 @@ if (free_length == 0) { /* only report this condition once */ static int reported = 0; + pid_t reader; if (!reported) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, @@ -870,6 +871,24 @@ reported = 1; } idle_spawn_rate = 1; + + /* Flooded by intentionally slow requests (e.g. slowloris)? + * Cull readers. Crude, but seems to clear things out. + */ + for (i = 0; i < ap_daemons_limit; ++i) { + + ws = &ap_scoreboard_image->servers[i][0]; + + if (ws->status == SERVER_BUSY_READ || + ws->status == SERVER_BUSY_KEEPALIVE) { + + reader = ap_scoreboard_image->parent[i].pid; + + ap_mpm_safe_kill(reader, SIGKILL); + ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf, + "Killed reader: %" APR_PID_T_FMT, reader); + } + } } else { if (idle_spawn_rate >= 8) {