
Apache attacked by a "slow loris"

Posted Jun 24, 2009 14:33 UTC (Wed) by bangert (subscriber, #28342)
Parent article: Apache attacked by a "slow loris"

a website i used to maintain has seen the attack a number of times in the past. a single ip opens
many connections, each of which don't seem to be doing anything... first time around was roughly 2
years ago IIRC

it happened too rarely to warrant the implementation of mod_qos/mod_security, but i expect it would
have worked fine. the ad-hoc solution was a firewall block on the offending ip.

does someone know of an mpm, which implements IIS's behavior?
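
The symptom described in the comment above (a single IP holding many connections that do nothing) can be checked for mechanically before deciding on a firewall block. This is an added example, not part of the original post; the one-line-per-worker input layout, the thresholds and the function names are assumptions made for illustration, and only the state letters (R, W, K) follow Apache's scoreboard key.

```python
from collections import defaultdict

# Constructed sample: one line per busy worker, "client_ip state seconds_in_state".
# R = reading request, W = sending reply, K = keepalive (Apache scoreboard key).
# The line layout is an assumption for this example, not real mod_status output.
SAMPLE = """\
198.51.100.7 R 212
198.51.100.7 R 198
198.51.100.7 R 240
198.51.100.7 R 305
198.51.100.7 R 187
198.51.100.7 R 260
203.0.113.20 W 1
203.0.113.20 K 4
192.0.2.55 R 0
192.0.2.55 R 45
not a valid line
"""

def parse(snapshot):
    """Yield (ip, state, seconds) tuples, skipping blank or malformed lines."""
    for line in snapshot.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])

def stalled_clients(snapshot, min_conns=5, min_age=30):
    """Return {ip: count} for clients holding at least min_conns workers that
    have been stuck reading a request for min_age seconds or longer."""
    counts = defaultdict(int)
    for ip, state, secs in parse(snapshot):
        if state == "R" and secs >= min_age:
            counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= min_conns}

def worker_share(snapshot, ip):
    """Fraction of busy workers in the snapshot held by one client."""
    rows = list(parse(snapshot))
    return sum(1 for r in rows if r[0] == ip) / len(rows) if rows else 0.0

if __name__ == "__main__":
    for ip, n in sorted(stalled_clients(SAMPLE).items()):
        share = worker_share(SAMPLE, ip)
        print(f"{ip}: {n} stalled connections, {share:.0%} of busy workers")
```

Requiring both a minimum age and a minimum count keeps a single slow but legitimate client (192.0.2.55 in the sample) from being flagged.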



Apache attacked by a "slow loris"

Posted Jun 24, 2009 15:17 UTC (Wed) by wzzrd (guest, #12309) [Link]

Apparently lighttpd is not affected either. Too bad the article does not describe the way lighttpd handles this problem, but maybe it's close to what you are looking for?

There are no such mpm and there will never be such an mpm

Posted Jun 25, 2009 4:33 UTC (Thu) by khim (subscriber, #9252) [Link]

> does someone know of an mpm, which implements IIS's behavior?

This is a huge design question: do you want extensibility in your web server or not? Suppose someone went and implemented such an mpm. Then your server got a state machine and everything. Now - what'll happen if a single thread is handling 1000 clients in your server and this thread called the php interpreter? 1000 angry clients, that's what (think about it).

To make such a scheme usable you need to split the web-server in two: a lightweight frontend (with state machine, fancy kernel interface and everything) and a backend (with php, mysql connections and so on). And guess what: such a scheme is implemented and as the last survey shows it is used by millions. The fact that the frontend is called nginx and not "apache enhanced engine accelerator" does not change anything.

There are no such mpm and there will never be such an mpm

Posted Jun 25, 2009 5:51 UTC (Thu) by quotemstr (subscriber, #45331) [Link]

> ...you need to split web-server in two: lightweight frontend (with state machine, fancy kernel interface and everything) and backend (with php, mysql connections and so on).

Agreed.

> The fact that frontend is called nginx and not "apache enhanced engine accelerator" does not change anything.

There are many different ways of realizing the frontend-backend split, and nginx is just one of them. You can use FastCGI server processes; you can run a conventional proxy as a reverse proxy; you can run a specialized reverse proxy that's not called nginx; you can use akamai; or you can do a thousand other things. Plenty of people manage to split their front and back-ends without using nginx.

There's a word for people who deliberately conflate the conceptional model of a solution with a specific implementation of that solution: salesmen.

Sure, nginx is pretty neat, but it's not the only way to implement what we agree is the necessary architecture.

There are no such mpm and there will never be such an mpm

Posted Jun 28, 2009 19:41 UTC (Sun) by marcH (subscriber, #57642) [Link]

> There's a word for people who deliberately conflate the conceptional model of a solution with a specific implementation of that solution: salesmen.

But there is worse: those who do not! Software patent lawyers.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds