Update on protection against slowloris
Tom Evans
tevans.uk at googlemail.com
Fri Oct 2 08:18:53 UTC 2009
On Thu, 2009-10-01 at 19:46 +0100, István wrote:
> "The bad news is that it can indeed take a badly-configured apache
> server down, and the worse news is that that includes a low-traffic
> out-of-the box configuration. Even with the Event MPM, slowloris can
> tie up one worker thread per connection."
>
>
>
>
> for sure
>
It doesn't tie up one thread, one thread is partially occupied by
waiting for the slowloris connection to finish sending the request. That
thread can still handle other connections that are sending requests. In
our tests, running a couple of slowloris instances against event MPM had
virtually no effect.
Cheers
Tom
More information about the freebsd-security
mailing list