Hi Breno,

SecWriteStateLimit was like one week too late for real world use
when we came under attack by Anonymous. It would have helped a big
deal and I think it is a very good defense mechanism against generic
DoS attack scripts. If I am able to set the limit as high as
150-250 then I am sure I will be free of collateral damage (at least
in our case).

The DDoS case asks for a different tool though. Especially on servers
which accept big file uploads.

On Thu, Jul 07, 2011 at 09:31:46AM -0500, Breno Silva wrote:
> When you say "active connections", if I understand well the term you are
> using ... it is an established connection, right? But it is not necessarily a
> simultaneous SERVER_BUSY thread.

Yes, I meant "established" on the TCP level. Some of them can be in
SERVER_BUSY in Apache. (Sorry for being inexact in the previous message).

And from the other message:
> FYI. I'm adding a small check in SecWriteStateLimit to only check for POST
> connections (2.6.1-stable)

How about the other methods? Don't a few of the less frequently used
methods like PUT enter the SERVER_BUSY state?

Best,
Christian
--
Everyone is a prisoner of his own experiences.
No one can eliminate prejudices - just recognize them.
--- Edward R. Murrow