On Fri, 2009-10-16 at 12:31 +1100, Bojan Smojver wrote:
> Slightly more sophisticated craziness attached.
OK, just a little bit cleaner this time.
--
Bojan
--- httpd-2.2.14/server/mpm/prefork/prefork.c 2009-02-01 07:54:55.000000000 +1100
+++ httpd-2.2.14-p/server/mpm/prefork/prefork.c 2009-10-16 13:55:28.764567473 +1100
@@ -803,6 +803,7 @@
int free_slots[MAX_SPAWN_RATE];
int last_non_dead;
int total_non_dead;
+ static apr_time_t maxed_out = 0;
/* initialize the free_list */
free_length = 0;
@@ -856,12 +857,14 @@
*/
ap_mpm_pod_signal(pod);
idle_spawn_rate = 1;
+ maxed_out = 0;
}
else if (idle_count < ap_daemons_min_free) {
/* terminate the free list */
if (free_length == 0) {
/* only report this condition once */
static int reported = 0;
+ apr_time_t now = apr_time_now();
if (!reported) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf,
@@ -870,6 +873,39 @@
reported = 1;
}
idle_spawn_rate = 1;
+
+ /* Flooded by intentionally slow requests (e.g. slowloris)?
+ * Give the legitimate clients one maintenance interval to
+ * finish with request reads, then cull if we are still
+ * maxed out. Crude, but seems to clear things out.
+ */
+ if (maxed_out) {
+ apr_time_t diff = now - maxed_out;
+
+ if (diff >= SCOREBOARD_MAINTENANCE_INTERVAL) {
+ pid_t reader;
+
+ for (i = 0; i < ap_daemons_limit; ++i) {
+
+ ws = &ap_scoreboard_image->servers[i][0];
+
+ if (ws->status == SERVER_BUSY_READ ||
+ ws->status == SERVER_BUSY_KEEPALIVE) {
+
+ reader = ap_scoreboard_image->parent[i].pid;
+
+ ap_mpm_safe_kill(reader, SIGTERM);
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0,
+ ap_server_conf,
+ "Killed reader: %" APR_PID_T_FMT,
+ reader);
+ }
+ }
+ }
+ }
+ else {
+ maxed_out = now;
+ }
}
else {
if (idle_spawn_rate >= 8) {
@@ -902,10 +938,13 @@
else if (idle_spawn_rate < MAX_SPAWN_RATE) {
idle_spawn_rate *= 2;
}
+
+ maxed_out = 0;
}
}
else {
idle_spawn_rate = 1;
+ maxed_out = 0;
}
}
