DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=33123>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33123 Summary: Limit number of Connections by ClientHost/IP Product: Apache httpd-2.0 Version: 2.0.52 Platform: PC OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: All AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Hello, at the moment, its very easy to keep small/medium webservers unavailable to the world by just running hundreds of processes on a single machine, which each keep one connection to the webserver alive. These processes just have to open a tcp- socket to the server and try to read rom it...so wait for nothing. Wehn the server says Timeout after (default) 300 seconds, the concerned process closes the socket and opens a new one. Running enough of these processes to even use many (200+) of the apaches connection queue-places (ListenBackLog) prevents any other client from issuing his HTTP request and getting an answer bevor Apache timeout or user to loose his patience. Settin up a higher ListenBackLog so makes no sense. Setting op mor MaxClients does, but it does also consume more RAM... The above described "attack" consumes a bandwith between 1 and 3 KByte/sec. I found things about SYN-Flood, but I think this is something very different. Ok, if you know howto, you can prevent this single attacker machine by IPTABLE etc. but tahts no real solution. With DynIP (like in Germany), you just reconnect your internet and get a new Address. Maybe a Directive for limiting the amount of connections for each ClientIP could help? greets, Holger -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
