- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Mon, 20 Jun 2011 17:03:32 +0000
- To: Willy Tarreau <w@1wt.eu>
- cc: Jan Starke <jan.starke@outofbed.org>, ietf-http-wg@w3.org

In message <20110620163813.GA12762@1wt.eu>, Willy Tarreau writes:

>I would add that the *first* protection obviously is to have the
>server correctly implement timeouts, because if it is sensible to
>this attack, it's also sensible to simple client failure.

There is no possible timeout value which will both serve slow
clients in bad connectivity (iPhone4 ?) and prevent DoS attacks.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Monday, 20 June 2011 17:04:05 UTC