| |||||||||||||
Apache attacked by a "slow loris"Apache attacked by a "slow loris"Posted Jun 25, 2009 0:34 UTC (Thu) by JohnDickson (subscriber, #7406)In reply to: Apache attacked by a "slow loris" by tialaramex Parent article: Apache attacked by a "slow loris"
According to some of the mailing list threads on this issue, Apache has an experimental event-based MPM, in addition to the old prefork (multi-process) and worker (multi-process/multi-thread) MPMs.
The event MPM apparently isn't vulnerable to Slowloris (just like lighthttpd, IIS etc.). However, it's apparently incompatible with mod_ssl and some other input filters, so it's not a solution for us.
(Log in to post comments)
This is fundamental problem Posted Jun 25, 2009 5:09 UTC (Thu) by khim (subscriber, #9252) [Link] The event MPM apparently isn't vulnerable to Slowloris (just like lighthttpd, IIS etc.). However, it's apparently incompatible with mod_ssl and some other input filters, so it's not a solution for us. Single thread can not simultaneously handle many thousands connections and do heavy-duty processing (PHP, SQL database requests, etc). First one requires response in nanoseconds, second one sometimes take seconds. And when you split these two operations in two threads frontend-backend scheme becomes quite natural. You can use nginx to handle enormous loads with a single decent server and then safely use as many backend systems as needed. It IS possible to create faster and less resource-hungry server then nginx+apache combo, but if you need to alter existing installation... there are no contest. The only thing nginx really needs is decent documentation...
This is fundamental problem Posted Jun 25, 2009 9:41 UTC (Thu) by dgm (subscriber, #49227) [Link]
> The only thing nginx really needs is decent documentation...
But not passionate advocates, it seems.
|
|||||||||||||