https://issues.apache.org/bugzilla/show_bug.cgi?id=51103
--- Comment #7 from [email protected] 2011-04-26 11:14:43 EDT --- (In reply to comment #6) > You will see in the new attachment that the request times out but returns a > 302 > Redirect instead of a 400 Bad Request. A valid request should indeed return a > 302 because of a RedirectMatch rule in the httpd-vhosts.conf file, but the > request times out and a 302 is returned anyway. Also, you will see that the > client keeps sending data after the connection is closed - although this may > be > an issue with the http_dos_cli tool. And because of this, the http_dos_cli tool can continue sending data slowly and hogging worker threads. The ModSecurity rule that checks for 408 bursts from a single IP cannot know that this is coming from a slow http DoS attack, and so cannot drop further connections from that IP. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
