Hi.. I've made my peace with trying to read a request byte to byte. However, i'm still trying to get the time between line-input from sockets. It is pretty easy to DoS Apache, with a small (put-your-favorite-scripting-language-here) script, where i input a line .. wait a little less that the timeout (about 50 seconds), then start writing another line (some header) wait another 50 secs.. and start another line, and so on. That way, anyone can easily DoS any apache server, just making all the connections to be busy with a fake-slow-client.
I want to be able to "count" the time between byte (what i cannot) or between client line input, so i can detect if a client is a real one, or just some script kiddie doing some denial to my servers. Where should i put the core ? an input filter ? or just patching over the protocol/core.c ? Any help will be greatly appreciated.