Re: A modest proposal, was Re: Mitigating the Slowloris DoS attack
On Jun 23, 2009, at 8:39 PM, Akins, Brian wrote: On 6/23/09 12:48 AM, Paul Querna p...@querna.org wrote: Mitagation is the wrong approach. We all know our architecture is wrong. Another heretical suggestion: Lighttpd and nginx are both release under BSD-like licenses. Hear me out. I've actually been thinking how possible would it be to transform one of them into httpd 3.0? Most prob not that hard since Lighttpd is a fork of Apache 1.3.
A modest proposal, was Re: Mitigating the Slowloris DoS attack
On 6/23/09 12:48 AM, Paul Querna p...@querna.org wrote: Mitagation is the wrong approach. We all know our architecture is wrong. Another heretical suggestion: Lighttpd and nginx are both release under BSD-like licenses. Hear me out. I've actually been thinking how possible would it be to transform one of them into httpd 3.0? Nginx has a few architectural issues (a different cache for fasctcgi versus proxy??) and lighttpd is still fairly immature (cache can't handle Vary, lots of stuff broken when running multiple processes). However, just think if the forces of us and them combined (well, one of them). My personal pick is lighttpd - the community would fit better (nginx is almost all in Russian) and it already has a lot of Lua :) I know this would probably only even be considered in a bizzaro parallel universe. However, what are our alternatives? -- Brian Akins Chief Operations Engineer Turner Digital Media Technologies
