Phase for controlling network input?

2001-09-26 Thread Bill McGonigle

I'm hoping this is possible with mod_perl, since I'm already familiar 
with it and fairly allergic to c, but can't seem to figure out the right 
phase.

I've been seeing log files recently that point to a certain DDOS attack 
brewing on apache servers.  I want to write a module that keeps a timer 
for the interval from when the apache child gets a network connection to 
when the client request has been sent.

I need a trigger when a network connection is established and a trigger 
when apache thinks it has received the request (before the response).

PerlChildInitHandler seems too early, since the child may be a 
pre-forked child without a connection.  PerlPostReadRequest seems too 
late since I can't be guaranteed of being called if the request isn't 
complete, which is the problem I'm trying to solve.  I could clear a 
flag in PerlPostReadRequest, but that would imply something is 
persisting from before that would be able to read the flag.

Maybe I'm thinking about this all wrong.  Any suggestions?

Thanks,
-Bill




Re: Phase for controlling network input?

2001-09-26 Thread Simon Rosenthal

I'm not sure that any mod_perl handlers are dispatched until the whole 
request is received, so you may have to deal with this at the core Apache 
level.

I think the following is your best bet (from 
http://httpd.apache.org/docs/mod/core.html#timeout):

TimeOut directive

Syntax: TimeOut number
Default: TimeOut 300
Context: server config
Status: core

The TimeOut directive currently defines the amount of time Apache will 
wait for three things:

1. The total amount of time it takes to receive a GET request.
2. The amount of time between receipt of TCP packets on a POST or PUT 
   request.
3. The amount of time between ACKs on transmissions of TCP packets in 
   responses.

We plan on making these separately configurable at some point down the 
road. The timer used to default to 1200 before 1.2, but has been lowered
to 300 which is still far more than necessary in most situations. It is 
not set any lower by default because there may still be odd places in the code
where the timer is not reset when a packet is sent.


We've experienced this kind of attack inadvertently (as the result of a 
totally misconfigured HTTP client app which froze in the middle of sending 
an HTTP request ;=) but I wasn't aware that there were known attacks based 
on that.

-Simon


At 11:09 AM 9/26/2001, Bill McGonigle wrote:
-
Simon Rosenthal ([EMAIL PROTECTED])
Web Systems Architect
Northern Light Technology
One Athenaeum Street. Suite 1700, Cambridge, MA  02142
Phone:  (617)621-5296: URL:  http://www.northernlight.com
Northern Light - Just what you've been searching for
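As an added example (not code from this thread, from mod_perl or from Apache), here is a small socket-level request reader in Python that does what Bill describes: it times the interval from accept() to a complete request and gives up on the connection once a total deadline passes, the same limit Apache's TimeOut applies to receiving a GET request (case 1 above). The local listener, the 0.5 s deadline and the two client sessions are constructed for the demonstration.

```python
import socket
import threading
import time

def read_request(conn, deadline_s):
    # Read headers up to the blank line within deadline_s total (TimeOut case 1).
    start = time.monotonic()
    buf = b""
    while b"\r\n\r\n" not in buf:
        remaining = deadline_s - (time.monotonic() - start)
        if remaining <= 0:
            break
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            break
        if not chunk:  # peer closed before finishing the request
            break
        buf += chunk
    status = "complete" if b"\r\n\r\n" in buf else "incomplete"
    return status, time.monotonic() - start, buf

def serve_one(listener, deadline_s):
    # Accept one connection, time its request, close it; the tuple is the log record.
    conn, _ = listener.accept()
    try:
        return read_request(conn, deadline_s)
    finally:
        conn.close()

def demo(deadline_s=0.5):
    # Constructed scenario: a normal client, then one that stalls after the request line.
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    results = []
    t = threading.Thread(target=lambda: results.extend(
        serve_one(listener, deadline_s) for _ in range(2)))
    t.start()
    good = socket.create_connection(("127.0.0.1", port))
    good.sendall(b"GET / HTTP/1.0\r\nHost: example\r\n\r\n")
    good.close()
    slow = socket.create_connection(("127.0.0.1", port))
    slow.sendall(b"GET / HTTP/1.0\r\n")  # the terminating blank line never comes
    t.join()
    slow.close()
    listener.close()
    return [(status, elapsed) for status, elapsed, _ in results]
```

Each returned tuple is the per-connection measurement Bill wanted to log: the stalled client shows up as "incomplete" with an elapsed time equal to the deadline, which is the signal to watch for when such connections pile up.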