William A. Rowe, Jr. wrote:
Bill Stoddard wrote:
My thinking on how to solve this has changed over the past year or
so... there are numerous ways to DoS an httpd server and you can't
protect against the more effective attacks at the httpd layer.
I forgot the punch line here but hopefully it's obvious where I'm
heading... apr_sendfile on Windows performs badly because of a
misguided attempt at mitigating a particular DoS attack against the
server and the cure is worse than the disease. We should change
apr_sendfile to perform optimally on Windows w/o concern for httpd
level DoS attacks.
Yup. It's definitely worth considering your alternatives. It's also
worth looking at what socket-level timeouts exist, or if we can start
plugging in some higher-level timeout within the MPM.
But they all will be gated by the basic algorithm of timeout = Timeout * sizetosend/64KB unless we discover
how to determine if a TransmitFile is making progress.
When a process does nothing in certain phases of the request cycle
after some timeout, simply close the socket from underneath APR.
So how to figure out if we are making progress?
By all means keep looking. I took a look a few months back and found nothing new. I do know how to emulate
event-driven network I/O on Windows now tho.
Bill