While playing with slowloris against prefork, I wrote the attached
craziness.

I had httpd under slowloris attack (which would normally completely DOS
the server) and it seems that the attached patch made it handle the
requests. Sure, there was a lot of carnage in the process (child
processes dying), but somehow it made it better.

Laugh away... :-)

-- 
Bojan
--- httpd-2.2.14/server/mpm/prefork/prefork.c	2009-02-01 07:54:55.000000000 +1100
+++ httpd-2.2.14-p/server/mpm/prefork/prefork.c	2009-10-15 17:44:40.214662851 +1100
@@ -862,6 +862,7 @@
         if (free_length == 0) {
             /* only report this condition once */
             static int reported = 0;
+            pid_t reader;
 
             if (!reported) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf,
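Review bot: `pid_t reader;` is declared at the top of the `if (free_length == 0)` block, but it is only used inside the innermost `if` of the cull loop added further down. Declaring it in that inner block, or passing `ap_scoreboard_image->parent[i].pid` straight to the kill and log calls, would keep the scope as narrow as the use.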
@@ -870,6 +871,24 @@
                 reported = 1;
             }
             idle_spawn_rate = 1;
+
+            /* Flooded by intentionally slow requests (e.g. slowloris)?
+             * Cull readers. Crude, but seems to clear things out.
+             */
+            for (i = 0; i < ap_daemons_limit; ++i) {
+
+                ws = &ap_scoreboard_image->servers[i][0];
+
+                if (ws->status == SERVER_BUSY_READ ||
+                    ws->status == SERVER_BUSY_KEEPALIVE) {
+
+                    reader = ap_scoreboard_image->parent[i].pid;
+
+                    ap_mpm_safe_kill(reader, SIGKILL);
+                    ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
+                                 "Killed reader: %" APR_PID_T_FMT, reader);
+                }
+            }
         }
         else {
             if (idle_spawn_rate >= 8) {
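Review bot: The status test `ws->status == SERVER_BUSY_READ || ws->status == SERVER_BUSY_KEEPALIVE` selects every child that is reading or in keepalive at the moment `free_length == 0`, with no check of how long the child has been in that state, so ordinary clients that connected a moment ago are killed together with the intentionally slow ones. Consider culling only slots that have stayed in the read state longer than some threshold, and capping how many are killed per pass. Three smaller points on the same loop: `SIGKILL` gives the child no chance to clean up, so a catchable signal first would be gentler; the slot's status is read and the kill sent without rechecking, so a child that has just moved from reading to handling a request can be killed mid-response; and unlike the `reported` guard just above, the cull and its `APLOG_INFO` line run on every pass while the condition holds, which deserves a comment and probably a higher log level, since it records the server killing its own children.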
