Tom Evans wrote: > > It is a bit like an arms race - I guess a solution could be to use a > dedicated thread for reading in POST bodies.
This is why IIS appears to the author that is invulnerable; IIS does fill an initial buffer, at least 64k worth. Exhaust that buffer and it should cripple IIS just fine. Because ultimately, you are not going to 'read POST bodies' as a specific functional step. They are of arbitrary length. I can POST an entire .iso dvd image. If not consumed while read, this operational step would be a joke, and you have a whole new DoS vector. If Apache 3.0 event MPM becomes free-threaded, this situation goes away; while waiting for more POST content, the request handler and modules would not occupy a thread at all. Look forward to the dire warnings of the evils of threading, all over again, as third party modules are discovered to be buggy, and are slowly fixed or forgotten. > The best way to stop slowloris is to not allow a single user to cripple > your server in this way, by restricting the number of connections a > single IP can have to your servers. That of course, only leads to it > becoming a DDoS rather than a DoS. Precisely. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
