[web-devel] questions about ResponseEnumerator

Michael Snoyman michael at snoyman.com
Tue Oct 18 09:07:47 CEST 2011


On Mon, Oct 17, 2011 at 10:06 AM, Kazu Yamamoto <kazu at iij.ad.jp> wrote:
> Hello Michael,
>
>> I had not understood that this was the DOS attack you were trying to
>> prevent, thank you for the clarification. I think you are correct that
>> this is a problem, but perhaps we should solve it in the enumSocket
>> function. If we tickle the timeout before calling Sock.recv and then
>> pause it again afterwards, we will *only* be timing out on the part of
>> the code that is receiving data from the client, as opposed to timing
>> out on the application code itself.
>
> I'm fine with any fixes which can solve this problem.
> Would you write the code so that I can test?

I've started a new branch (slowloris); let's try to come up with a
complete set of changes to address the issues and then merge it back.
Here's the change I was describing:

https://github.com/yesodweb/wai/commit/58119eb0b762fde98567ba181ada61b14dfedd87

Michael



More information about the web-devel mailing list