BugTraq
a cheesy Apache / IIS DoS vuln (+a question) Jan 03 2007 11:27PM Michal Zalewski (lcamtuf dione ids pl) (4 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 05 2007 08:45AM bugtraq (bugtraq securityfocus lists bitrouters com) (1 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 12:36PM Siim Põder (windo p6drad-teel net)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 11:45AM Pieter de Boer (pieter thedarkside nl) (1 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 06:47PM Rob Sherwood (capveg cs umd edu)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 05:35AM William A. Rowe, Jr. (wrowe rowe-clan net) (2 replies)
Re: a cheesy Apache / IIS DoS vuln (+a question) Jan 04 2007 08:18AM Michal Zalewski (lcamtuf dione ids pl)
>
> a quick fix for this can be available at least on BSD, there is accf_http
> that can be modified not to pass the connection to Apache until a full request
> is read (either get or post, full, not just the first get request header,
> of course this can be even worse for a lot of post data).
For what it is worth, Apache 2.2.x and later introduce support for http accept()
filtering on platforms which support httpfilter. Since Apache 2.0.x, AcceptEx
is supported on Win32 to pend accept() for at least the initial request payload.
Of course this is not without some resource utilization for the incomplete
request payloads, but at least it does offload the resources from the web
server itself to the kernel socket layer.
Bill
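The kind of accept() deferral discussed in the message above, as an added example that is not part of the original thread or of Apache's code: a listening socket asks the kernel to hold connections until the client has sent data. The FreeBSD branch uses the accf_http ("httpready") and accf_data ("dataready") accept filters; the Linux `TCP_DEFER_ACCEPT` branch is not mentioned in the thread and is included as an assumption about the nearest counterpart there. The `defer_mode` and `defer_accept` names are hypothetical.

```c
/* Added example: defer accept() until the client has sent request data. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

enum defer_mode { DEFER_ERROR = -1, DEFER_NONE, DEFER_DATA, DEFER_HTTPREADY };

/* Apply the strongest deferral available to an already-listening socket. */
enum defer_mode defer_accept(int lfd, int timeout_secs)
{
#if defined(SO_ACCEPTFILTER)            /* FreeBSD accept filters */
    static const char *names[] = { "httpready", "dataready" };
    for (int i = 0; i < 2; i++) {
        struct accept_filter_arg afa;
        memset(&afa, 0, sizeof(afa));
        strncpy(afa.af_name, names[i], sizeof(afa.af_name) - 1);
        if (setsockopt(lfd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa)) == 0)
            return i == 0 ? DEFER_HTTPREADY : DEFER_DATA;
    }
    (void)timeout_secs;                 /* only the Linux option takes a timeout */
    return DEFER_NONE;                  /* accf_http / accf_data not loaded */
#elif defined(TCP_DEFER_ACCEPT)         /* Linux: wake accept() on first data */
    if (setsockopt(lfd, IPPROTO_TCP, TCP_DEFER_ACCEPT,
                   &timeout_secs, sizeof(timeout_secs)) == 0)
        return DEFER_DATA;
    return DEFER_ERROR;
#else
    (void)lfd; (void)timeout_secs;
    return DEFER_NONE;                  /* rely on the server's own timeouts */
#endif
}

int main(void)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };   /* port 0: kernel picks */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) || listen(fd, 16)) {
        perror("listener");
        return 1;
    }
    printf("deferral mode: %d\n", defer_accept(fd, 5));
    close(fd);
    return 0;
}
```

A result of `DEFER_NONE` means idle connections still reach the server process, so its request timeouts remain the only limit on them.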