On 06/25/2009 04:19 PM, Nick Kew wrote:
> Plüm, Rüdiger, VF-Group wrote:
>
>>> Is this worth hacking up, or more trouble than it saves?
>>
>> I guess the approach is good, but there are already modules in the
>> wild that provide this. So the question is: Should we do our own?
>> BTW: I remember that there was a request a while ago to move
>> mod_limitipconn (one of those modules) inside httpd, but I haven't
>> got the archives at hand right now to check. Maybe an idea to come
>> back to this.
>
> mod_limitipconn works at the request level, so won't help with
> slowloris-style attacks. Same goes for mod_evasive - someone
> posted "mod_evasive doesn't help" on users@, and that'll be why.
I have and use a patch that hooks it up to the preconnection hook and checks if the number of connections from the IP of the connection that are in read state breaks a certain limit. If yes, the connection is closed. So this is fixable in principle.

But I must admit that my patch is very old and I don't know if it still follows my current quality requirements for the httpd project :-). Plus it is against an old version. But the only real problem that I see here is that I am like others currently working very close to ENOTIME.

Regards

Rüdiger
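A self-contained model of the check described in the mail above, added here as an illustration; it is neither the patch in question nor httpd code. The slot states, the scoreboard array and the client addresses are constructed stand-ins for httpd's real scoreboard, and the decision function stands in for what a pre_connection hook would return.

```c
#include <string.h>

/* Constructed model of a scoreboard: one entry per worker, recording the
 * client address it serves and what it is doing. BUSY_READ is the state a
 * slowloris client tries to park many connections in. */
enum slot_state { SLOT_READY, SLOT_BUSY_READ, SLOT_BUSY_WRITE, SLOT_KEEPALIVE };

struct worker_slot {
    enum slot_state state;
    char client_ip[46];   /* large enough for an IPv6 text address */
};

/* Count workers currently blocked in read state on behalf of `ip`. */
int count_reading_from(const struct worker_slot *board, int nslots, const char *ip)
{
    int n = 0;
    for (int i = 0; i < nslots; i++)
        if (board[i].state == SLOT_BUSY_READ && strcmp(board[i].client_ip, ip) == 0)
            n++;
    return n;
}

/* Decision for a new connection from `ip`: 1 = let it through, 0 = close it.
 * This is the check the mail describes: a client that already holds `limit`
 * connections in read state gets no further worker, so a slow sender cannot
 * tie up the whole pool while behaving like an ordinary client otherwise. */
int pre_connection_allow(const struct worker_slot *board, int nslots,
                         const char *ip, int limit)
{
    return count_reading_from(board, nslots, ip) < limit;
}

/* Constructed sample: one address has three workers stuck reading plus one
 * legitimately writing; another address has a single reader. Addresses are
 * documentation ranges, not real hosts. */
static const struct worker_slot sample_board[] = {
    { SLOT_BUSY_READ,  "203.0.113.5"  },
    { SLOT_BUSY_READ,  "203.0.113.5"  },
    { SLOT_BUSY_READ,  "203.0.113.5"  },
    { SLOT_BUSY_WRITE, "203.0.113.5"  },
    { SLOT_BUSY_READ,  "198.51.100.7" },
    { SLOT_READY,      ""             },
};
#define SAMPLE_SLOTS ((int)(sizeof sample_board / sizeof sample_board[0]))

/* Apply the check to the sample board with a per-IP read limit of 3. */
int sample_allow(const char *ip)
{
    return pre_connection_allow(sample_board, SAMPLE_SLOTS, ip, 3);
}
```

Keying on the peer address means every client behind a shared proxy or NAT counts against one limit, so the threshold has to be chosen with that deployment in mind.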