I have heard from several sources Apache version 1.x for Windows does not thread very well. The first real Win32 version is Apache 2.0. This does not answer your question, I know, but it's something to consider in formulating a long-term solution.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sergey Strakhov Sent: Thursday, December 19, 2002 8:04 AM To: [EMAIL PROTECTED] Cc: Pedro Nascimento; Greg Davydouski Subject: DoS attack on mod_ssl 2.8.12 ?? Hello, We are experiencing problems with our Win32 Apache 1.3.27 with mod_ssl 2.8.12 + openssl 0.9.6g running on Windows 2000. It is a sort of DoS attack that makes our web site totally inaccessible. One of those attacks was captured with Ethereal. The dump is attached. As you can see, the attack is accomplished through both HTTP (80) and HTTPS (443) ports. First, the connection is opened to the HTTP port and a malformed HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port (probably with an intention to produce a crash described in http://www.cert.org/advisories/CA-2002-27.html or just to determine the host's Server version). The server responds with "HTTP/1.1 400 Bad request" and closes the connection. After that the attacker starts opening connections to the HTTPS port. One of them is used to send SSLv2 Client Hello request. From this point the web server starts rejecting all incoming connections and the web site stops responding on both HTTP and HTTPS ports. The error log usually contains records like: [..time..] [error] [client ..] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): / [..time..] [error] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting Is this problem related to mod_ssl anyhow? Do you expect any fix for this problem soon? Regards P.S. We have the ThreadsPerChild parameter of httpd.conf set to 10. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
