I'm not sure that any mod_perl handlers are dispatched until the whole
request is received, so you may have to deal with this at the core Apache
level.
I think the following is your best bet (from
http://httpd.apache.org/docs/mod/core.html#timeout )
>TimeOut directive
>
>Syntax: TimeOut number
>Default: TimeOut 300
>Context: server config
>Status: core
>
>The TimeOut directive currently defines the amount of time Apache will
>wait for three things:
>
> 1.The total amount of time it takes to receive a GET request.
> 2.The amount of time between receipt of TCP packets on a POST or PUT
> request.
> 3.The amount of time between ACKs on transmissions of TCP packets in
> responses.
>
>We plan on making these separately configurable at some point down the
>road. The timer used to default to 1200 before 1.2, but has been lowered
>to 300 which is still far more than necessary in most situations. It is
>not set any lower by default because there may still be odd places in the code
>where the timer is not reset when a packet is sent.
We've experienced this kind of attack inadvertently (as the result of a
totally misconfigured HTTP client app which froze in the middle of sending
an HTTP request ;=) but I wasn't aware that there were known attacks based
on that.
-Simon
At 11:09 AM 9/26/2001, Bill McGonigle wrote:
>I'm hoping this is possible with mod_perl, since I'm already familiar with
>it and fairly allergic to c, but can't seem to figure out the right phase.
>
>I've been seeing log files recently that point to a certain DDOS attack
>brewing on apache servers. I want to write a module that keeps a timer
>for the interval from when the apache child gets a network connection to
>when the client request has been sent.
>
>I need a trigger when a network connection is established and a trigger
>when apache thinks it has received the request (before the response).
>
>PerlChildInitHandler seems too early, since the child may be a pre-forked
>child without a connection. PerlPostReadRequest seems too late since I
>can't be guaranteed of being called if the request isn't complete, which
>is the problem I'm trying to solve. I could clear a flag in
>PerlPostReadRequest, but that would imply something is persisting from
>before that would be able to read the flag.
>
>Maybe I'm think about this all wrong. Any suggestions?
>
>Thanks,
>-Bill
-----------------------------------------------------
Simon Rosenthal ([EMAIL PROTECTED])
Web Systems Architect
Northern Light Technology
One Athenaeum Street. Suite 1700, Cambridge, MA 02142
Phone: (617)621-5296: URL: http://www.northernlight.com
"Northern Light - Just what you've been searching for"