On 30.04.2013 12:03, André Warnier wrote:
> As a general idea thus, anything which impacts the delay to obtain a 404 response, should
> impact these bots much more than it impacts legitimate users/clients.
>
> How much ?
>
> Let us imagine for a moment that this suggestion is implemented in the Apache webservers,
> and is enabled in the default configuration. And let's imagine that after a while, 20% of
> the Apache webservers deployed on the Internet have this feature enabled, and are now
> delaying any 404 response by an average of 1000 ms

which is an invitation for a DDoS attack, because it would make it easier to use every available worker, and by the delay at the same time active iptables rate controls get useless, because you need fewer connections for the same damage

no - this idea is very, very bad, and if you ever saw a DDoS attack from 10 thousands of IP addresses on a machine you maintain, you would not consider anything which makes responses slower, because it is the wrong direction
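The worker-occupancy effect raised in this reply, as an added example that is not part of the original message: a deterministic model of a fixed worker pool with no accept queue. The pool size (150), the 5 ms service time and the 200 requests/s rate are constructed assumptions; the 1000 ms delay is the figure from the quoted proposal.

```python
import heapq


def simulate(workers, rate_per_s, service_ms, delay_404_ms, duration_s):
    """Model a fixed worker pool receiving evenly spaced requests that all end in 404.

    Each request occupies one worker for service_ms + delay_404_ms.
    A request that finds no free worker is refused (no accept queue modelled).
    Returns (served, refused, peak_busy_workers).
    """
    hold_ms = service_ms + delay_404_ms   # time one worker is tied up per request
    busy = []                             # min-heap of worker release times in ms
    served = refused = peak = 0
    for i in range(rate_per_s * duration_s):
        now = i * 1000 / rate_per_s       # arrival time of request i in ms
        while busy and busy[0] <= now:    # free every worker that has finished
            heapq.heappop(busy)
        if len(busy) < workers:
            heapq.heappush(busy, now + hold_ms)
            served += 1
            peak = max(peak, len(busy))
        else:
            refused += 1
    return served, refused, peak


def sustainable_rate(workers, service_ms, delay_404_ms):
    """Steady-state requests/s the pool can absorb before it starts refusing."""
    return workers * 1000 / (service_ms + delay_404_ms)


if __name__ == "__main__":
    # Constructed scenario: 150 workers, 200 req/s of 404 traffic, 10 seconds.
    for delay in (0, 1000):
        served, refused, peak = simulate(150, 200, 5, delay, 10)
        print(f"delay={delay:4d} ms  served={served}  refused={refused}  "
              f"peak busy workers={peak}  "
              f"sustainable={sustainable_rate(150, 5, delay):.0f} req/s")
```

In this model the same traffic keeps one worker busy without the delay and fills the whole pool with it, which is the capacity cost to weigh against whatever the delay costs scanners.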