https://bz.apache.org/bugzilla/show_bug.cgi?id=61551
--- Comment #17 from Nic Jansma <n...@nicj.net> --- It's been 4 days of running with ModSecurity off, and I haven't had a repro of the issue at all. I'm fairly confident at this point, due to the correlation of the timing of the Slow-Loris attack and when these stuck threads happen, that something in ModSecurity's connection-rejectioning may be triggering this bad behavior. e.g. this code executes during the attack and those connections get "dropped" https://github.com/nicjansma/ModSecurity/blob/master/apache2/mod_security2.c#L1459 Should I open an issue in their Github? This behavior can be triggered by slowhttptest -H or -X: https://github.com/shekyan/slowhttptest SecConnEngine On SecConnReadStateLimit 10 SecConnWriteStateLimit 10 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
