Re: Apache DoS attack?
Michał Zalewski (lcamtuf POLBOX.COM)
Tue, 30 Dec 1997 17:34:47 +0100
- Next message: Pancrazio DE MAURO: "Re: Apache DoS attack?"
- Previous message: Olaf Kirch: "Re: man problem"
- Maybe in reply to: Michał Zalewski: "Apache DoS attack?"
- Next in thread: Marc Slemko: "Re: Apache DoS attack?"
Apache patch by Mark Lowes:

[...]
+ /* Compress multiple '/' characters into one */
+ /* To prevent "GET //////..." attack */
[...]

After a few tests I discovered that Apache first looks for files [index|homepage].[html|shtml|cgi] (probably it makes over 32000 chdirs :), then dies, throwing 'filename too long' error into logs. Client gets 'Forbidden' response and disconnects. But httpd child process still stays in background, wasting a large amount of CPU time and system resources. Note it happens _only_ after this error, so '//...' sequence must be as long as it's possible (about 7 kB).

The PERFECT httpd patch should also fix httpd's cleanup, to make httpd a little more stable :)

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufboss.staszic.waw.pl]
=--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=
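Review bot: the two `+` lines visible in the quoted hunk are comments only; the code that actually collapses the repeated '/' characters is elided with [...], so whether it bounds the path before the chdir loop cannot be checked from this excerpt. As the reply points out, collapsing slashes in the request does not address the httpd child that keeps running after the 'filename too long' error, so the fix should also cover that cleanup path.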
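A path normaliser of the kind the quoted patch describes, added here as an example and not Mark Lowes's or Apache's code: it collapses runs of '/' and refuses any path still longer than a caller-chosen limit before any filesystem lookup, returning the number of removed slashes so such requests can be logged. The function names, the limit and the sample path are this example's own assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Collapse every run of '/' in `path` into a single '/', in place.
 * Returns how many redundant slashes were dropped so the caller can log
 * requests that needed heavy normalisation. (Example helper, not Apache's.) */
size_t collapse_slashes(char *path)
{
    size_t r = 0, w = 0, removed = 0;
    for (; path[r] != '\0'; r++) {
        if (path[r] == '/' && w > 0 && path[w - 1] == '/')
            removed++;              /* repeated '/': skip it */
        else
            path[w++] = path[r];    /* keep; w never passes r, so in place is safe */
    }
    path[w] = '\0';
    return removed;
}

/* Copy `in` to `out` (capacity outlen), normalise it, and report whether the
 * result is within `max_path` bytes. A 0 return means reject the request
 * before any chdir/stat work; *removed tells the caller how many '/' went. */
int normalize_request_path(const char *in, char *out, size_t outlen,
                           size_t max_path, size_t *removed)
{
    size_t n = strlen(in);
    *removed = 0;
    if (n + 1 > outlen)
        return 0;                   /* does not even fit the work buffer */
    memcpy(out, in, n + 1);
    *removed = collapse_slashes(out);
    return strlen(out) <= max_path;
}

int main(void)
{
    /* Constructed sample: a request path padded with repeated slashes. */
    const char *sample = "//index//html///";
    char out[256];
    size_t removed;
    int ok = normalize_request_path(sample, out, sizeof out, 64, &removed);
    printf("%s -> %s (%zu slashes removed, %s)\n", sample, out, removed,
           ok ? "accepted" : "rejected");
    return 0;
}
```

A high `removed` count on an otherwise short path is a cheap signal worth logging, since a legitimate client has no reason to send runs of slashes.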