On 6-Sep-04, at 10:37 AM, Ivan Ristic wrote:
[ The request is trivial to implement (at least I think so), but the feature itself is very important. ]
Perhaps I don't understand the request, but wouldn't it be straightforward for a module like mod_security to implement this feature by using one of the connection hooks, perhaps create_connection? Or even by registering an input filter at the beginning of the chain?
I'm assuming that the kind of DoS attacks you are looking for include, for example, sending request lines one octet at a time, and that the intent is to trigger only on the first request in a persistent connection, although conceivably it would be a good idea to start a timeout when the first byte of a subsequent request line comes in, in case the denial of service attack is even more subtle. Reporting timeouts in between requests in a persistent connection would trigger the warning in normal operation with a compliant browser, which is presumably undesirable.
Rici
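The per-connection timer Rici sketches above, written out as an added example (this is not code from the thread, from mod_security or from Apache): the clock starts at the first byte of each request head on a connection, stops when the head's terminating blank line arrives, and idle time between requests on a keep-alive connection is never counted, so a compliant browser holding a persistent connection open does not trigger it. The event-driven interface (explicit timestamps passed to `on_data` and `on_timer`), the `SlowRequestDetector` name and the head-terminator choice (`\r\n\r\n`, i.e. the whole request head rather than only the request line) are assumptions made for this example; in a real module these calls would sit behind the connection hook or input filter the message mentions.

```python
"""Slow-request-head detector (constructed example, not mod_security/Apache code).

One request head = request line plus headers, terminated by a blank line.
The timer runs only while a head is partially received; it is reset when the
head completes and not started again until the next byte arrives.
"""

HEAD_END = b"\r\n\r\n"  # assumption: terminator of a request head


class SlowRequestDetector:
    """Tracks how long each request head takes to arrive on each connection."""

    def __init__(self, head_timeout=10.0):
        self.head_timeout = head_timeout  # seconds allowed to complete one request head
        self._conns = {}  # conn_id -> per-connection state

    def _state(self, conn_id):
        return self._conns.setdefault(
            conn_id, {"buf": b"", "started": None, "flagged": False, "requests": 0}
        )

    def _check(self, conn_id, st, ts):
        """Alert once per request head if it has been incomplete for too long."""
        if st["started"] is None or st["flagged"]:
            return []
        elapsed = ts - st["started"]
        if elapsed > self.head_timeout:
            st["flagged"] = True
            return [
                "conn %s: request head incomplete after %.1fs (limit %.1fs)"
                % (conn_id, elapsed, self.head_timeout)
            ]
        return []

    def on_data(self, conn_id, ts, data):
        """Feed bytes received on conn_id at time ts; return a list of alert strings."""
        st = self._state(conn_id)
        if st["started"] is None:
            # first byte of a new request head: this is where the clock starts,
            # so time spent idle between requests is never measured
            st["started"] = ts
            st["flagged"] = False
        st["buf"] += data
        # consume every complete head; any remainder is the start of the next one
        while True:
            idx = st["buf"].find(HEAD_END)
            if idx < 0:
                break
            st["requests"] += 1
            st["buf"] = st["buf"][idx + len(HEAD_END):]
            st["flagged"] = False
            # pipelined bytes already waiting start a new clock; otherwise go idle
            st["started"] = ts if st["buf"] else None
        return self._check(conn_id, st, ts)

    def on_timer(self, conn_id, ts):
        """Periodic check for a connection that has gone quiet mid-head."""
        st = self._state(conn_id)
        return self._check(conn_id, st, ts)

    def completed_requests(self, conn_id):
        return self._state(conn_id)["requests"]


if __name__ == "__main__":
    det = SlowRequestDetector(head_timeout=5.0)
    # constructed traffic: a request head delivered one octet per second
    for i, byte in enumerate(b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"):
        for alert in det.on_data("slow-client", float(i), bytes([byte])):
            print(alert)
```

The `on_timer` hook matters as much as `on_data`: a client that stops sending mid-head produces no further data events, so only a periodic check notices the stall. Flagging once per head keeps a single slow connection from generating a flood of log lines, and the flag is cleared when the head finally completes so a later slow head on the same connection is reported again.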
