Hi All.
I'm working on a bandwidth module for apache.
My question is as follows :
Recently, a user asked me why on windows, he can get higher bandwidth
only with mod_bw. Without it, he can get about 1.6MB/s. Usind the mod,
and setting unlimited , he gets ~9MB/s.
I'm not on my develop system, so
Hi,
I've been working on this mod since a time now. I've done most of the
work before, but i'm working on improve and fix some bugs.
This started as an ugly hack to bandwidth_mod for apache 1.x (really
ugly). Then looking at some other code, i learn how to do it the right
way (using buckets,
Torsten Curdt wrote:
Hey guys,
currently mod_speling does a redirect to the correct
resource.
Now we have the problem that a legacy client implementation
does not support redirects *sigh* ...so I was wondering
whether it would be possible to add support for serving
the correct resource
Hi...
I'm still fighting (probably for a lost cause.. but my boss ask me to
do this).
In the socket activity there are some troubles dealing with timeouts.
It is pretty easy to Anyone DoS any apache webserver.
I want to propose implementing a request timeout time, or at least a
check for
It doesn't.
Rasmus Lerdorf wrote:
Turn on accept filtering and this problem goes away. Or at least it
moves to be a kernel-level issue instead of an Apache one.
-Rasmus
Ivan Barrera A. wrote:
Hi...
I'm still fighting (probably for a lost cause.. but my boss ask me to
do
. Or at least it
moves to be a kernel-level issue instead of an Apache one.
-Rasmus
Ivan Barrera A. wrote:
Hi...
I'm still fighting (probably for a lost cause.. but my boss ask me to
do this).
In the socket activity there are some troubles dealing with timeouts.
It is pretty easy to Anyone DoS any
How about linux ? how about Windows ? how about (put your favorite OS
here) ?
Linux has SO_ACCEPTFILTER which doesn't trigger the accept until there
is data, so accept filtering works on Linux too. Windows? No idea. But
I bet an Apache DoS would be the least of your worries there.
You mean the httpready filter? The accept will trigger once the buffer
is full, so yes, large requests will defeat it eventually, but you still
get the benefit of not tying up an Apache process until the buffer has
been filled. The question was regarding just opening up lots of
connections
I did fix an issue last year where even with accept filtering enabled
you could DoS any Apache server by simply opening MaxClients connections
and trickling a carriage return to each connection very slowly. So for
people seeing DoS issues like this, I would suggest upgrading to the
latest
Hi..
I've made my peace with trying to read a request byte to byte. However,
i'm still trying to get the time between line-input from sockets.
It is pretty easy to DoS Apache, with a small
(put-your-favorite-scripting-language-here) script, where i input a line
.. wait a little less that the
I've made my peace with trying to read a request byte to byte. However,
i'm still trying to get the time between line-input from sockets.
It is pretty easy to DoS Apache, with a small
(put-your-favorite-scripting-language-here) script, where i input a line
.. wait a little less that the
That is true. But the idea beneath this, is detecting the atacckers.
Then, issuing the ip to a text file, which will be read by another
script that will fed the firewall to block connections.
Although it should increase the resources being used, it should be
minimal, as they aren't that
I know that you hate further tips on doing this differently, but I would
propose to
simply lower the value of Timeout and KeepAliveTimeout to 3 seconds.
Even if it would be possible to write a filter which does this job (which I
doubt) you
would have to define some kind of Timeout after
.scr files are usually windows screensaver files (exe files with another
extension).
Most probably they are virus/worms/trojan , etc.
If they are bounced to you, as if you were sending them, it is because
someone with windows (outlook probably) has you on the address book, and
his computer is
no chance ?
Ivan Barrera A. wrote:
Hi. I'm new to the list, and i hope not to be posting out of topic.
I've been trying to do this (read byte to byte the client request)
since a while, with no success. I've asked in the modules list also.
My idea is to be able to know the time between every
Why not use the time since the start of the request instead?
Ok.. i tought about that, but the problem arises when i need to check
every byte.
Why ? , because my input filter is getting control over when a line is
entered. With a little perl script, i'm opening a socket and putting the
same char
However, it isn't finished, and I'd like to know more about the status
of the module? What's holding development back
Lack of anyone doing the work.
As an old Apache 1.3 suexec hacker I might be willing to help, but the
code looks a bit nasty!
Well, if you can do the work, a lot of people
William A. Rowe, Jr. wrote:
At 11:23 AM 4/20/2005, Ivan Barrera A. wrote:
Ok.. i tought about that, but the problem arises when i need to check
every byte.
Why ? , because my input filter is getting control over when a line is
entered. With a little perl script, i'm opening a socket and putting
You should reimplement the core filter, which will allow you to drive
network socket activity, even if mod_ssl is in place.
i was afraid you might say that :)
It's not nearly as difficult as you might imagine, took me about
three days for mod_ftp's core filter replacement (had to poll both
the
19 matches
Mail list logo
