On Sep 13, 2006, at 7:25 AM, Mattias Jiderhamn wrote:
> We are having some trouble with recurring DDoS/DoS attacks on one of
> our Resin servers. While being attacked, it seems most of the threads
> in the thread pool are connected but waiting for request input
> inside JNI code:
Do you know if the DoS is sending a full request or just hanging
after establishing a connection?
> Could setting a lower read-timeout
> (http://www.caucho.com/resin-3.0/config/tuning.xtp#Timeouts) ease
> the effect?
> What would be sensible values?
Yes, the main issue would be also handling slow posts, e.g. if you
set it to 500ms, you'd probably time out posts. A value of 5s or so
should be fine.
> Any other tips for countermeasures?
If the DoS is actually sending a request, you can look at the
ThrottleFilter (com.caucho.filters.ThrottleFilter). That only
applies once the GET/POST has been sent, though.
I've added a bug report, because it should be possible to add a new
type of throttle filter earlier in the request processing, i.e. right
after the connect but before attempting to read. (We had a
capability like that in 2.1, but didn't upgrade it in 3.0.)
> Thanks in advance.
> resin-interest mailing list
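The read-timeout trade-off discussed in this thread, as an added example that is not part of the original messages and is not Resin code: a Python stand-in for a worker thread that applies a per-read socket timeout. The function names, the sample request and the scaled-down timings (fractions of a second instead of 500ms/5s) are constructed for illustration.

```python
import socket
import threading
import time

def read_request(conn, read_timeout):
    """Return the request head, or None if any single read stalls too long."""
    conn.settimeout(read_timeout)      # per-recv() limit, like a socket read timeout
    buf = b""
    try:
        while b"\r\n\r\n" not in buf:
            chunk = conn.recv(4096)
            if not chunk:              # peer closed before finishing the request
                return None
            buf += chunk
        return buf
    except socket.timeout:
        return None                    # stalled client: hand the worker thread back
    finally:
        conn.close()

def slow_client(sock, chunks, pause):
    """Constructed client: waits `pause` seconds before each chunk it sends."""
    try:
        for chunk in chunks:
            time.sleep(pause)
            sock.sendall(chunk)
    except OSError:
        pass                           # server already gave up on this connection

def serve_one(chunks, pause, read_timeout):
    """Run one connection; return (request or None, seconds the worker was held)."""
    server_side, client_side = socket.socketpair()
    sender = threading.Thread(target=slow_client, args=(client_side, chunks, pause))
    start = time.monotonic()
    sender.start()
    result = read_request(server_side, read_timeout)
    held = time.monotonic() - start
    sender.join()
    client_side.close()
    return result, held

# Constructed sample request, sent in two pieces by a slow but legitimate client.
SLOW_POST = [b"POST /form HTTP/1.0\r\nContent-Length: 0\r\n", b"\r\n"]

if __name__ == "__main__":
    print("connect and hang:      ", serve_one([], 0, read_timeout=0.3))
    print("slow post, ample limit:", serve_one(SLOW_POST, 0.1, read_timeout=0.5))
    print("slow post, tight limit:", serve_one(SLOW_POST, 0.1, read_timeout=0.02))
```

The first case shows a connection that never sends anything releasing its worker after the timeout; the last shows the same setting cutting off a legitimate slow client when it is set too low.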