Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 02 Oct 2009 09:18:46 +0100
From:      Tom Evans <tevans.uk@googlemail.com>
To:        =?ISO-8859-1?Q?Istv=E1n?= <leccine@gmail.com>
Cc:        Thomas Rasmussen <thomas@gibfest.dk>, freebsd-security@freebsd.org, Eirik =?ISO-8859-1?Q?=D8verby?= <ltning@anduin.net>
Subject:   Re: Update on protection against slowloris
Message-ID:  <1254471526.54871.10.camel@strangepork.london.mintel.ad>
In-Reply-To: <b8592ed80910011146v52be72d8qb2da5aaef28078dd@mail.gmail.com>
References:  <4AC37D6B.3060409@optiksecurite.com> <4AC3FA90.1000405@gibfest.dk> <1254387556.39148.10.camel@strangepork.london.mintel.ad> <4E7E6B51-2B63-459C-A6FE-F327E899DCF6@anduin.net> <b8592ed80910011146v52be72d8qb2da5aaef28078dd@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2009-10-01 at 19:46 +0100, István wrote:
> "The bad news is that it can indeed take a badly-configured apache
> server down, and the worse news is that that includes a low-traffic
> out-of-the box configuration.  Even with the Event MPM, slowloris can
> tie up one worker thread per connection."
> 
> 
> 
> 
> for sure
> 

It doesn't tie up one thread, one thread is partially occupied by
waiting for the slowloris connection to finish sending the request. That
thread can still handle other connections that are sending requests. In
our tests, running a couple of slowloris instances against event MPM had
virtually no effect.

Cheers

Tom




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1254471526.54871.10.camel>