https://issues.apache.org/bugzilla/show_bug.cgi?id=51103
--- Comment #1 from Stefan Fritsch <[email protected]> 2011-04-22 08:02:17 EDT --- (In reply to comment #0) > Steps to reproduce (A) > ---------------------- > 1. Launch a slow-post attack using the OWASP HTTP DoS tool > (http://code.google.com/p/owasp-dos-http-post/downloads/list) > http_dos_cli --host 1.2.3.4 --port 80 --path /server-status --slow-post > --post-field j_username --connections 1000 --rate 1000 --timeout 5 > 2. Sniff network traffic using Wireshark, observe requests being truncated and > handled, resulting in a 200 return code. I couldn't reproduce this (but I don't have windows to actually try the tool). Can you provide the wireshark dump (maybe filtered to only contain one request)? Do you have mod_status listening for /server-status? > Steps to reproduce (B) > ---------------------- > 1. Launch a slow-headers attack > 2. Sniff network trafic using Wireshark, observe requests being dropped with a > 400 code being returned. This happens in various situations and is fixed in trunk. The fixes should probably be backported to 2.2.x. The relevant commits are r820760 r919323 r937858 r938265 -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
