On 24 Aug 2011, at 13:22, Florian Weimer wrote:

> * Plüm, Rüdiger, VF-Group:
>
>> As said this has *nothing* to do with mod_deflate. This was IMHO just
>> a guess by the original author of the tool.
>
> This matches my testing, too. I see a significant peak in RAM usage on
> a server where "apachectl -M" does not print anything with the string
> "deflate" (so I assume that mod_deflate is not enabled). This is with
> 2.2.9-10+lenny9 on Debian.
>
> If it is more difficult to check if mod_deflate is enabled, the advisory
> should tell how to check your server. If the method I used is the
> correct one, I don't think it's reasonable to suggest disabling
> mod_deflate as a mitigation because it does not seem to make much of a
> difference.
Hmm - when I remove mod_deflate (i.e. explicitly, as it is the default in all
our installs) and test on a / entry which is a static file which is large
(100k)* - then I cannot get apache on its knees on a freebsd machine -
saturating the 1Gbit connection it has (Note: the attack machines *are*
getting saturated).

The moment I put in mod_deflate, mod_external filter, etc - it is much easier
to deplete enough resources to notice.

Dw.

*: as I cannot reproduce the issue with very small index.html files.
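The thread raises two checks a server operator would want to script: whether the module shows up in `apachectl -M` output (Florian's method), and whether it is actually applied to responses, since Dirk's observation is that the resource drain only becomes easy once an output filter such as mod_deflate is in the path. The script below is an added example, not code from this thread or from the Apache project. It assumes the listing has the shape `apachectl -M` / `apache2ctl -M` / `httpd -M` print (`deflate_module (shared)`), that deflate is applied through the `SetOutputFilter` or `AddOutputFilterByType` directives, and the Debian/FreeBSD config paths in `check_live_server` are assumed defaults; the sample listings and config fragments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread or the Apache project.
# Decide whether mod_deflate is loaded (from `apachectl -M` style output)
# and whether any configuration actually applies the DEFLATE output filter.
# Both checks work on captured text, so they run offline; check_live_server
# wraps them around a real control binary when one is present.

# Print "yes" if the module listing names deflate_module, else "no".
# $1: text as printed by `apachectl -M`, `apache2ctl -M` or `httpd -M`.
deflate_loaded() {
    if printf '%s\n' "$1" | grep -q '^[[:space:]]*deflate_module'; then
        echo yes
    else
        echo no
    fi
}

# Print "yes" if the configuration text applies the DEFLATE filter through
# SetOutputFilter or AddOutputFilterByType, else "no". Comment lines are
# skipped so a commented-out directive does not count as enabled.
# $1: Apache configuration text.
deflate_filter_configured() {
    if printf '%s\n' "$1" | grep -v '^[[:space:]]*#' |
        grep -Eiq '^[[:space:]]*(SetOutputFilter|AddOutputFilterByType)[[:space:]].*DEFLATE'; then
        echo yes
    else
        echo no
    fi
}

# Combine both: "enabled" only when the module is loaded AND a directive
# applies it; "loaded-only" when the module is present but never used;
# "absent" when -M does not list it at all.
# $1: module listing text, $2: configuration text.
deflate_status() {
    if [ "$(deflate_loaded "$1")" = yes ]; then
        if [ "$(deflate_filter_configured "$2")" = yes ]; then
            echo enabled
        else
            echo loaded-only
        fi
    else
        echo absent
    fi
}

# Run the checks against the local server with whichever control binary
# exists. The module list comes from `-M`; the effective config is
# approximated by concatenating the files the usual layouts use
# (assumed paths: Debian /etc/apache2, RHEL /etc/httpd, FreeBSD port).
check_live_server() {
    for bin in apache2ctl apachectl httpd; do
        if command -v "$bin" >/dev/null 2>&1; then
            modules=$("$bin" -M 2>/dev/null) || modules=""
            conf=$(cat /etc/apache2/apache2.conf /etc/apache2/mods-enabled/*.conf \
                       /etc/apache2/sites-enabled/* /etc/httpd/conf/httpd.conf \
                       /usr/local/etc/apache22/httpd.conf 2>/dev/null || true)
            deflate_status "$modules" "$conf"
            return 0
        fi
    done
    echo "no apachectl-style binary found" >&2
    return 1
}

# Constructed samples in the shape the tools print.
SAMPLE_MODULES_WITH='Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 deflate_module (shared)
 dir_module (shared)'

SAMPLE_MODULES_WITHOUT='Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 dir_module (shared)'

SAMPLE_CONF_ON='# deflate.conf (constructed)
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml
</IfModule>'

SAMPLE_CONF_OFF='# deflate disabled (constructed)
# AddOutputFilterByType DEFLATE text/html'

# `sh script.sh --demo` prints the verdict for the three constructed cases.
if [ "${1:-}" = "--demo" ]; then
    echo "module loaded, filter on:  $(deflate_status "$SAMPLE_MODULES_WITH" "$SAMPLE_CONF_ON")"
    echo "module loaded, filter off: $(deflate_status "$SAMPLE_MODULES_WITH" "$SAMPLE_CONF_OFF")"
    echo "module absent:             $(deflate_status "$SAMPLE_MODULES_WITHOUT" "$SAMPLE_CONF_ON")"
fi
```

The reason for the three-way verdict is that `-M` only tells you the module is loaded; a loaded mod_deflate with no `SetOutputFilter`/`AddOutputFilterByType` directive sits idle and does not put a compression filter in front of the response, which is the case Florian's `-M` grep alone cannot distinguish. Call `check_live_server` from an interactive shell to run the same logic against the local installation.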