On Mon, Jun 22, 2009 at 02:23:12PM +0200, Dirk-Willem van Gulik wrote: >>> - Seriously rewrite apache/add a worker which mimics the >>> accept_filter.ko >>> of freebsd somewhat in that it as a single threaded async select() >>> loop >>> which buffers things up until they are cooked enough (i.e. the >>> client has >>> enough skin in the game) to hand off to a real worker.
Is not this mechanism limited to HTTP and misses HTTPS? So I do not think it can be a general solution. I am not an apache developer, but would not the event mpm be of some use in this case? Otherwise, I see a lack of granular timeout values. RSnake's latest take can be fought with a low KeepAliveTimeout (-> http://ha.ckers.org/blog/20090620/http-longevity-during-dos/) One should be able to assign timeouts to other request phases too. And it should be possible to set these timeouts in a way that a subsequent header or a single post payload byte is not resetting them to zero again. Just my 2 cents Christian Folini -- If you shut your door to all errors truth will be shut out. --- Rabindranath Tagore
