Dear all,
i've just commited an update to naviserver to handle HTML output
streaming (e.g. via ns_write) as well asynchronously over the writer
thread(s). Therefore, a slow delivery line (e.g. returning the content
over a slow connection) does not stall a connection thread. This
modification removes the vulnerability for streaming output against
slow-read attacks, since the time spent in the connection thread is just
determined by the computation and not by the delivery throughput of the
content. This feature is currently turned off by default and can be
controlled by the drivers configuration variable "writerstreaming". For
runtime configuration, ns_writer has now two new subcommands "ns_writer
size" and "ns_writer streaming" to modify the writer settings without
reboot.
With this change, all input and output of naviserver can be handled
asynchronously, the connection threads can run without being blocked
from slow connections.
I have updated the commented changelog at
https://next-scripting.org/xowiki/docs/misc/naviserver-connthreadqueue
All the best
-gustaf neumann
|
