> -----Original Message-----
> From: Nick Kew
> Sent: Thursday, 25 June 2009 15:40
> To: dev@httpd.apache.org
> Subject: mod_noloris: mitigating against slowloris-style attack
>
> I was just thinking about a quick&dirty fix we could offer
> to admins who are suddenly concerned about DoS attack.
>
> The following, backed by dbm or memcache and assuming configurable
> default and per-host concurrent connection limits, looks like an
> outline candidate and works as a module:
>
> static int noloris_conn(conn_rec *conn)
> {
>     /* kludge: just limit the number of connections per-ip */
>     /* increment num-conn-from-host
>      * register pool cleanup to decrement it
>      * limit = per-host-limit || default-limit
>      * if (num-conn > limit) {
>      *     drop connection;
>      *     return OK;
>      * }
>      */
>     return DECLINED;
> }
> static void noloris_hooks(apr_pool_t *p)
> {
>     ap_hook_process_connection(noloris_conn, NULL, NULL,
>                                APR_HOOK_FIRST);
> }
>
> Is this worth hacking up, or more trouble than it saves?
I guess the approach is good, but there are already modules in the wild that provide this. So the question is: Should we do our own?

BTW: I remember that there was a request a while ago to move mod_limitipconn (one of those modules) inside httpd, but I haven't got the archives at hand right now to check. Maybe an idea to come back to this.

Regards

Rüdiger
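The per-IP counting Nick sketches in the quoted message, written out as an added stand-alone C example (not code from httpd, mod_noloris or either poster): a fixed table stands in for the dbm/memcache store, DEFAULT_LIMIT and the function names are assumptions, and noloris_connect/noloris_disconnect play the roles of the process_connection hook and the pool cleanup it registers.

```c
#include <string.h>
#define DEFAULT_LIMIT 20  /* assumed default; the message leaves it configurable */
#define MAX_HOSTS 64      /* fixed table standing in for the dbm/memcache store */

struct host_entry {
    char addr[46];  /* client address as text, room for IPv6 */
    int open;       /* connections currently open from this address */
    int limit;      /* per-host limit, 0 = use DEFAULT_LIMIT */
};
static struct host_entry table[MAX_HOSTS];
static int table_len = 0;

static struct host_entry *lookup(const char *addr, int create)
{
    for (int i = 0; i < table_len; i++)
        if (strcmp(table[i].addr, addr) == 0) return &table[i];
    if (!create || table_len == MAX_HOSTS) return NULL;
    struct host_entry *e = &table[table_len++];
    strncpy(e->addr, addr, sizeof e->addr - 1);
    e->addr[sizeof e->addr - 1] = '\0';
    e->open = e->limit = 0;
    return e;
}

/* Per-host override of the default (the message's "per-host-limit"). */
int noloris_set_limit(const char *addr, int limit)
{
    struct host_entry *e = lookup(addr, 1);
    if (e == NULL) return -1;
    e->limit = limit;
    return 0;
}

/* Connection accepted: count it and decide. Returns 1 to let it proceed, 0 to
 * drop it, which is the decision the sketched noloris_conn hook has to make. */
int noloris_connect(const char *addr)
{
    struct host_entry *e = lookup(addr, 1);
    if (e == NULL) return 1;  /* untrackable: admit; a real store has no such bound */
    if (e->open >= (e->limit ? e->limit : DEFAULT_LIMIT)) return 0;
    e->open++;
    return 1;
}

/* Pool cleanup of an admitted connection: release its slot. */
void noloris_disconnect(const char *addr)
{
    struct host_entry *e = lookup(addr, 0);
    if (e != NULL && e->open > 0) e->open--;
}
```

Only admitted connections register the cleanup, so a dropped connection never decrements the count it did not add to.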