On Sunday 18 October 2009, Bojan Smojver wrote: > - a properly configured server will not be maxing out > - if maxing out does happen, scoreboard is bound to change within > some time period (which we can pick), or we are seeing an attack > > With this approach (i.e. the scoreboard checksum), it doesn't > matter much whether we are being attacked by putting workers into > SERVER_BUSY_READ state or not.
Randomly killing possibly legitimate connections is some kind of DoS, too. But it's probably better than the current behaviour. It could even improve the situation in the case where many processes are stuck waiting for a broken ldap/backend/etc. server. In any case, you should try to kill workers with SERVER_BUSY_KEEPALIVE before randomly killing processes.
