Ivan Barrera A. wrote:
Hi,

I've made my peace with trying to read a request byte by byte. However,
I'm still trying to get the time between line inputs from sockets.
It is pretty easy to DoS Apache with a small
(put-your-favorite-scripting-language-here) script, where I input a line,
wait a little less than the timeout (about 50 seconds), then start
writing another line (some header), wait another 50 secs, and start
another line, and so on.
 That way, anyone can easily DoS any Apache server, just by making all the
connections busy with a fake slow client.

I'm certainly not an expert in this, but this seems like a lost cause from the start. Any criteria you set for your between-packet timeout would only result in a small increase in the resources necessary for the attacker. I doubt you could tune it in a way to prevent someone with a DSL line from plugging up your server.


I believe that people handle this type of DoS by limiting connections per IP address or by using a server that can handle lots and lots of client connections (such as one of Apache's threaded MPMs or an event-based server).

Joshua.
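The exchange above can be modelled in a few dozen lines. The following is an added example, not code from this thread or from Apache: a request-head reader with a per-line inactivity timeout (the kind of "between-packet" criterion Joshua says cannot be tuned to stop a slow client), the same reader with a deadline on the whole request head (the idea Apache's mod_reqtimeout later implemented as RequestReadTimeout; this code is a standalone model, not that module), a per-IP connection cap as Joshua suggests, and a local slow client that behaves the way Ivan describes. All timeouts, intervals and addresses are constructed for the demo; the server and client run on the loopback interface in one process.

```python
"""Slow-client DoS model: added example, not code from the Apache thread.

A client that sends one header line, sleeps just under the inactivity
timeout, then sends the next, holds a worker for as long as it likes.
A per-line timeout cannot catch it; a deadline on the whole request
head can, and a per-IP cap bounds what one address can hold.
All timeouts and addresses below are constructed for the demo."""
import socket
import threading
import time
from collections import Counter


def read_request_head(conn, per_line_timeout, head_deadline=None, limit=65536):
    """Read an HTTP request head up to the blank line; say why we stopped.

    Returns (status, head_bytes, elapsed_seconds). status is one of:
      'ok'            blank line seen, head complete
      'idle_timeout'  no byte arrived within per_line_timeout (Timeout-style)
      'deadline'      head still incomplete head_deadline seconds after start
      'closed'        peer closed first
      'too_large'     head exceeded limit bytes
    """
    start = time.monotonic()
    buf = b""
    while b"\r\n\r\n" not in buf:
        wait, deadline_bound = per_line_timeout, False
        if head_deadline is not None:
            left = head_deadline - (time.monotonic() - start)
            if left <= 0:
                return "deadline", buf, time.monotonic() - start
            if left < wait:  # the overall deadline fires before the idle timer
                wait, deadline_bound = left, True
        conn.settimeout(wait)
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            status = "deadline" if deadline_bound else "idle_timeout"
            return status, buf, time.monotonic() - start
        if not chunk:
            return "closed", buf, time.monotonic() - start
        buf += chunk
        if len(buf) > limit:
            return "too_large", buf, time.monotonic() - start
    return "ok", buf, time.monotonic() - start


def slow_client(port, interval, lines, finish=True):
    """Ivan's attacker: one header line every `interval` seconds (constructed)."""
    s = socket.create_connection(("127.0.0.1", port))
    try:
        s.sendall(b"GET / HTTP/1.1\r\nHost: example.test\r\n")
        for i in range(lines):
            time.sleep(interval)
            s.sendall(b"X-Slow-%d: x\r\n" % i)
        if finish:
            s.sendall(b"\r\n")
    except OSError:
        pass  # the server gave up on us and closed the connection
    finally:
        s.close()


def simulate(per_line_timeout, head_deadline, interval, lines):
    """One-shot server in a thread, slow client here; return the server's verdict."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    verdict = {}

    def serve():
        conn, _ = srv.accept()
        with conn:
            verdict["v"] = read_request_head(conn, per_line_timeout, head_deadline)

    t = threading.Thread(target=serve)
    t.start()
    slow_client(srv.getsockname()[1], interval, lines)
    t.join()
    srv.close()
    return verdict["v"]


class PerIPLimit:
    """Joshua's mitigation: cap simultaneous connections per client address."""

    def __init__(self, max_per_ip):
        self.max_per_ip = max_per_ip
        self._active = Counter()
        self._lock = threading.Lock()

    def acquire(self, ip):
        """Reserve a slot for ip; False means reject (or queue) the connection."""
        with self._lock:
            if self._active[ip] >= self.max_per_ip:
                return False
            self._active[ip] += 1
            return True

    def release(self, ip):
        with self._lock:
            self._active[ip] -= 1
            if self._active[ip] <= 0:
                del self._active[ip]

    def addresses_needed(self, total_workers):
        """Distinct source addresses an attacker needs to occupy every worker."""
        return -(-total_workers // self.max_per_ip)


if __name__ == "__main__":
    # Attacker sends a line every 0.2 s against a 0.6 s inactivity timeout.
    print("per-line timeout only:", simulate(0.6, None, 0.2, 3)[0])        # ok
    print("plus 0.5 s head deadline:", simulate(0.6, 0.5, 0.2, 3)[0])      # deadline
    print("attacker slower than timeout:", simulate(0.3, None, 0.5, 1)[0])  # idle_timeout
    print("IPs for 256 workers at 8/IP:", PerIPLimit(8).addresses_needed(256))  # 32
```

The first run shows Joshua's point: with only an inactivity timer, the attacker just paces each line under the timer and the worker stays busy until the attacker chooses to finish. The second run shows the check that actually ends it, a bound on how long the whole request head may take regardless of pacing. The per-IP cap does not stop the attack on its own; it only forces the attacker to spend more source addresses, which is the "small increase in resources" Joshua describes.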
