Gonzalo Arana wrote:
Hi,

Keeping whitelist up to date is rather tricky.

How about having any/all of these directives?

# time between accept(2) call and the full request has been read.
RequestTimeout   1

# minimum bandwith the user should have available to access this server.
MinInRate             2KB/s
MinOutRate             3KB/s

That'll completely exclude people on slow connections!
But it's something you could implement in a bandwidth-management
module.

One extra note: it would be good to let these Min{In,Out}Rate be
overriden for large files (audio/video files, for instance).

You don't have anything as specific as a file in a slowloris-type
attack.  You appear to be envisaging something much closer to
various (existing, third-party) bandwidth-management modules.

--
Nick Kew

Reply via email to