I'm not sure that any mod_perl handlers are dispatched until the whole
request is received, so you may have to deal with this at the core Apache
level.
I think the following is your best bet (from
http://httpd.apache.org/docs/mod/core.html#timeout )
TimeOut directive
Syntax: TimeOut number
Default: TimeOut 300
Context: server config
Status: core
The TimeOut directive currently defines the amount of time Apache will
wait for three things:
1.The total amount of time it takes to receive a GET request.
2.The amount of time between receipt of TCP packets on a POST or PUT
request.
3.The amount of time between ACKs on transmissions of TCP packets in
responses.
We plan on making these separately configurable at some point down the
road. The timer used to default to 1200 before 1.2, but has been lowered
to 300 which is still far more than necessary in most situations. It is
not set any lower by default because there may still be odd places in the code
where the timer is not reset when a packet is sent.
We've experienced this kind of attack inadvertently (as the result of a
totally misconfigured HTTP client app which froze in the middle of sending
an HTTP request ;=) but I wasn't aware that there were known attacks based
on that.
-Simon
At 11:09 AM 9/26/2001, Bill McGonigle wrote:
I'm hoping this is possible with mod_perl, since I'm already familiar with
it and fairly allergic to c, but can't seem to figure out the right phase.
I've been seeing log files recently that point to a certain DDOS attack
brewing on apache servers. I want to write a module that keeps a timer
for the interval from when the apache child gets a network connection to
when the client request has been sent.
I need a trigger when a network connection is established and a trigger
when apache thinks it has received the request (before the response).
PerlChildInitHandler seems too early, since the child may be a pre-forked
child without a connection. PerlPostReadRequest seems too late since I
can't be guaranteed of being called if the request isn't complete, which
is the problem I'm trying to solve. I could clear a flag in
PerlPostReadRequest, but that would imply something is persisting from
before that would be able to read the flag.
Maybe I'm think about this all wrong. Any suggestions?
Thanks,
-Bill
-
Simon Rosenthal ([EMAIL PROTECTED])
Web Systems Architect
Northern Light Technology
One Athenaeum Street. Suite 1700, Cambridge, MA 02142
Phone: (617)621-5296: URL: http://www.northernlight.com
Northern Light - Just what you've been searching for