On 12/11/07, Raimo Niskanen <[EMAIL PROTECTED]> wrote: > I want to know if and what I can do (on the server side) about HTTP > clients that put sockets on my httpd server in state CLOSE_WAIT and > thereby chew up all sockets for the server causing a kind of > denial of service state. > > And yes, I have googled for "HPPT server socket CLOSE_WAIT" and > did not get much wiser.
If I understand correctly you could try synproxy states with pf and let these states expire rapidly. If the states expire, I *think* pf should end the connection completely, so your half-closed sockets don't get stale. BUT perhaps I didn't get it at all and this makles no sense ;) --knitti
