On 7/2/09 8:37 AM, "Nick Kew" <[email protected]> wrote: > Not everyone who's concerned right now about slowloris has > iptables at their disposal.
Also, not everyone has access to the "real" IP very early in the connection phase. Some load balancers add the IP as a header. Generally speaking, most load balancers can handle many times more connections than the actual webservers (even when there are many webservers). Some load balancers per IP blocking schemes are either nonexistent or just don't work. Perhaps this is beyond the scope of this discussion, but it is an unfortunate reality for some folks. -- Brian Akins
