Apache DoS - is Varnish affected?
Poul-Henning Kamp
phk at phk.freebsd.dk
Fri Jun 19 19:08:30 CEST 2009
In message <4A3BB2E1.8090300 at loman.net>, Nick Loman writes:
>Poul-Henning Kamp wrote:
>> Varnish will abandon the connection after a fixed number of header
>> lines.
>
>That's reassuring. Out of interest, what is the limit?
32 - 3 (for the first line fields)
>Presumably that limit * the read timeout is the length of time a
>connection could be held open by a rogue client?
Something like that, I have not tried it.
Worst case it would be a timeout for each character.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-misc
mailing list