In message <[email protected]>, Fabian Keil writes:
>Actually I think accf_http(9) would only delay the attack.
>
>While the man page doesn't mention it, accf_http passes
>incomplete requests to the userland if its buffer is full.

Yeah, but I'm pretty sure the buffer would contain enough junk to
make varnish shut the connection immediately, so the fd starvation
would not happen.

Anyway, if you are interested in this DoS, you can trivially test
it yourself with a telnet connection and patience in front of the
keyboard.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
[email protected]         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
varnish-misc mailing list
[email protected]
http://projects.linpro.no/mailman/listinfo/varnish-misc
