On Sun, Jun 21, 2009 at 4:10 AM, Andreas Krennmair <a...@synflood.at> wrote:
> Hello everyone,
.....
> The basic principle is that the timeout for new connections is adjusted
> according to the current load on the Apache instance: a load percentage is
> computed in the perform_idle_server_maintenance() routine and made available
> through the global scoreboard. Whenever the timeout is set, the current load
> percentage is taken into account. The result is that slowly sending
> connections are dropped due to a timeout, while legitimate, fast-sending
> connections are still being served. While this approach doesn't completely
> fix the issue, it mitigates the negative impact of the Slowloris attack.

Mitigation is the wrong approach.

We all know our architecture is wrong.

We have started on fixing it, but we need to finish the async input rewrite on trunk, but all of the people who have hacked on it, myself included, have hit ENOTIME for the last several years.

Hopefully the publicity this has generated will get renewed interest in solving this problem the right way, once and for all :)

It doesn't need to be the simple mpm, or the event mpm, it's not even about MPMs, it's about how the whole input filter stack works.

So.. I write yet another email about it... and disappear in the ether of ENOTIME once again.....

-Paul
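
The load-scaled timeout described in the quoted message, sketched as an added example that is not part of this thread and not the patch under discussion. The linear scaling rule, the 5-second floor, the busy-workers-over-limit load figure and all function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Assumed load figure: busy workers as a percentage of the worker limit.
 * The quoted patch computes its own value in the maintenance routine. */
static int load_percent(int busy, int limit)
{
    if (limit <= 0) return 100;          /* treat a bad limit as saturated */
    if (busy < 0) busy = 0;
    if (busy > limit) busy = limit;
    return busy * 100 / limit;
}

/* Assumed rule: shrink the timeout linearly from base_secs at 0% load
 * down to min_secs at 100% load. */
static int adaptive_timeout(int base_secs, int min_secs, int load_pct)
{
    if (load_pct < 0) load_pct = 0;
    if (load_pct > 100) load_pct = 100;
    int t = base_secs - (base_secs - min_secs) * load_pct / 100;
    return t < min_secs ? min_secs : t;
}

/* 1 if a client that pauses gap_secs between reads keeps its connection
 * under the current load, 0 if the read times out and it is dropped. */
static int connection_survives(int gap_secs, int base_secs, int min_secs,
                               int busy, int limit)
{
    int load = load_percent(busy, limit);
    return gap_secs < adaptive_timeout(base_secs, min_secs, load);
}

int main(void)
{
    /* Constructed sample values: 256 workers, 300 s configured timeout. */
    const int limit = 256, base = 300, floor_secs = 5;
    const int busy_levels[] = { 10, 128, 240, 256 };

    printf("busy  load%%  timeout  slow(60s gap)  fast(1s gap)\n");
    for (int i = 0; i < 4; i++) {
        int busy = busy_levels[i];
        int load = load_percent(busy, limit);
        printf("%4d  %5d  %7d  %13s  %12s\n", busy, load,
               adaptive_timeout(base, floor_secs, load),
               connection_survives(60, base, floor_secs, busy, limit) ? "served" : "dropped",
               connection_survives(1, base, floor_secs, busy, limit) ? "served" : "dropped");
    }
    return 0;
}
```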