Date: Fri, 02 Oct 2009 09:18:46 +0100
From: Tom Evans <tevans.uk@googlemail.com>
To: István <leccine@gmail.com>
Cc: Thomas Rasmussen <thomas@gibfest.dk>, freebsd-security@freebsd.org, Eirik Øverby <ltning@anduin.net>
Subject: Re: Update on protection against slowloris
Message-ID: <1254471526.54871.10.camel@strangepork.london.mintel.ad>
In-Reply-To: <b8592ed80910011146v52be72d8qb2da5aaef28078dd@mail.gmail.com>
References: <4AC37D6B.3060409@optiksecurite.com> <4AC3FA90.1000405@gibfest.dk> <1254387556.39148.10.camel@strangepork.london.mintel.ad> <4E7E6B51-2B63-459C-A6FE-F327E899DCF6@anduin.net> <b8592ed80910011146v52be72d8qb2da5aaef28078dd@mail.gmail.com>

On Thu, 2009-10-01 at 19:46 +0100, István wrote:
> "The bad news is that it can indeed take a badly-configured apache
> server down, and the worse news is that that includes a low-traffic
> out-of-the box configuration. Even with the Event MPM, slowloris can
> tie up one worker thread per connection."
>
> for sure
>

It doesn't tie up one thread, one thread is partially occupied by
waiting for the slowloris connection to finish sending the request. That
thread can still handle other connections that are sending requests.

In our tests, running a couple of slowloris instances against event MPM
had virtually no effect.

Cheers

Tom
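
The behaviour discussed in this message, one thread holding several half-sent requests while still answering complete ones, shown as a generic single-threaded event loop. This is an added example, not part of the original e-mail and not Apache's event MPM code; it goes one step beyond the message by also dropping connections whose headers stay incomplete past a deadline. The names `serve_once`, `demo` and `header_deadline`, the logical clock `now`, and the local socket pairs standing in for network clients are all assumptions of the example.

```python
import selectors
import socket

HEADER_END = b"\r\n\r\n"

def _close(sel, state, conn):
    sel.unregister(conn)
    conn.close()
    return state.pop(conn)["name"]

def serve_once(sel, state, now, header_deadline):
    """One loop pass; header_deadline is this example's assumption, not Apache's."""
    served, dropped = [], []
    for key, _ in sel.select(timeout=0):
        conn = key.fileobj
        data = conn.recv(4096)
        state[conn]["buf"] += data
        if HEADER_END in state[conn]["buf"]:  # complete request: answer now
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
            served.append(_close(sel, state, conn))
        elif not data:  # peer left before finishing its headers
            dropped.append(_close(sel, state, conn))
    # A half-sent request costs one table entry, and only until the deadline.
    for conn, entry in list(state.items()):
        if now - entry["start"] > header_deadline:
            dropped.append(_close(sel, state, conn))
    return served, dropped

def demo():
    # Constructed input: two requests that stop mid-headers, one complete request.
    requests = {
        "slow-1": b"GET / HTTP/1.1\r\nHost: example.test\r\n",
        "slow-2": b"GET / HTTP/1.1\r\n",
        "normal": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    }
    sel, state, clients = selectors.DefaultSelector(), {}, []
    for name, payload in requests.items():
        client, server = socket.socketpair()
        server.setblocking(False)
        sel.register(server, selectors.EVENT_READ)
        state[server] = {"name": name, "buf": b"", "start": 0.0}
        client.sendall(payload)
        clients.append(client)
    first = serve_once(sel, state, now=1.0, header_deadline=10.0)
    second = serve_once(sel, state, now=11.0, header_deadline=10.0)
    for client in clients:
        client.close()
    sel.close()
    return first, second
```

Calling `demo()` returns the `(served, dropped)` pair for each of the two passes: the complete request is answered in the first pass while both stalled ones are still open, and the stalled ones are closed in the second pass once the deadline has passed.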