Apache DoS - is Varnish affected?

Poul-Henning Kamp phk at phk.freebsd.dk
Fri Jun 19 20:28:32 CEST 2009


In message <20090619200701.0dd70975 at fabiankeil.de>, Fabian Keil writes:

>Actually I think accf_http(9) would only delay the attack.
>
>While the man page doesn't mention it, accf_http passes
>incomplete requests to the userland if its buffer is full.

Yeah, but I'm pretty sure the buffer would contain enough junk to
make varnish shut the connection immediately, so the fd starvation
would not happen.

Anyway, if you are interested in this DoS, you can trivially test
it yourself with a telnet connection and patience in front of the
keyboard.

Poul-Henning

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


