LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Or something

Or something

Posted Jun 25, 2009 4:53 UTC (Thu) by khim (subscriber, #9252)
In reply to: Apache attacked by a "slow loris" by drag
Parent article: Apache attacked by a "slow loris"

So the easy solution, I suppose, is just to use Lighttpd or something like that as a reverse proxy for your Apache server.
If you look on the latest survey you'll find out that millions are already running "something like that". Nginx was designed from ground up to work in such situation - if you know your apache process usually generates page 100K in size you can specify this as buffer size to nginx and then your "real" server will be freed in milliseconds and when occasional long page will be generated nginx will wait for backend. Lighthttpd uses similar architecture, but it's less configurable when used as http-accelerator.

And of course when you send static pages it makes perfect sense to use sendfile(2) and forget about everything (nginx does more or less that - just a few small structures to handle "keep alive" connections).

That's why I can not see what's so important happened: this is well-known apache problem but while it can not be solved with apache alone it can be solved with additional software - and was solved for years by real admins on millions of systems.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds