keepalive_timeout 1 1 & client_body_buffer_size question

David Taveras d3taveras38d3 at gmail.com
Wed Mar 10 01:39:30 MSK 2010


Hello,

I am replying to myself.

keepalive_timeout does not matter in a slowloris attack because there
is also keepalive_requests, which is the number of requests that
can be made over a keep-alive connection. So it would be conservative
to allow 5 5 seconds, as in the end, if somebody abused that, it
would not matter after 100.


Could anybody give me feedback on the purpose/testing of client_body_buffer_size?

Thanks

David

On Mon, Mar 8, 2010 at 4:51 PM, David Taveras <d3taveras38d3 at gmail.com> wrote:
> Hello,
>
> I am currently exploring the following directives.
>
> First
>
> keepalive_timeout 1 1 ... Suppose I am getting a slowloris attack; I
> think this is a great parameter to reduce in such a case. Would normal
> browsers simply reopen a connection if they could not work with that low
> keep-alive timeout? How would browsers react, aside from, probably, if they
> are behind a slow connection, it causing them to open a new
> connection for each request?
>
> Second..
>
> I have been told that setting a low (1k) client_body_buffer_size is
> suitable to protect against buffer overflows. However, I am reading that
> any body larger than that buffer size will simply be written to
> disk. What exactly is the advantage here? How would I be able to test
> this parameter from the outside?
>
> (To be honest, I don't know what a client body buffer size is; I tried
> Google but that didn't help much.)
>
> David
>
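An added configuration sketch, not from David's messages or from the nginx documentation, showing how the directives discussed in this thread relate to each other from a defender's point of view. The numeric values, log path and upstream address are illustrative assumptions, not recommendations for any particular site.

```nginx
http {
    # keepalive_timeout: the first value is how long an idle keep-alive
    # connection is held open by the server; the optional second value is
    # advertised to the client in the "Keep-Alive: timeout=..." response
    # header. A browser whose idle connection was closed simply opens a new
    # one for its next request, so a short value costs extra TCP/TLS
    # handshakes, not correctness.
    keepalive_timeout 5 5;

    # keepalive_requests caps how many requests may be served over one
    # keep-alive connection (100 was the default when this thread was
    # written); after that many, nginx closes the connection regardless of
    # the idle timeout, which is the point made in the reply above.
    keepalive_requests 100;

    # A slowloris-style client holds a connection by never finishing the
    # request headers or body. Neither keep-alive directive applies to a
    # request that has not completed; the timeouts that do are these two.
    # client_header_timeout covers the whole header, client_body_timeout is
    # measured between two successive body reads. nginx answers 408 when
    # either expires.
    client_header_timeout 10s;
    client_body_timeout 10s;

    # client_body_buffer_size is a memory-vs-disk trade-off, not a memory
    # safety control: a body larger than the buffer is written to a temporary
    # file under client_body_temp_path, and nginx logs, at warn level,
    # "a client request body is buffered to a temporary file". A very small
    # value therefore trades RAM for disk I/O on every larger upload.
    client_body_buffer_size 16k;

    # The directive that actually bounds how much body a client may send is
    # client_max_body_size; a larger Content-Length is refused with 413.
    client_max_body_size 1m;

    # To observe the buffer threshold from outside, POST a body larger than
    # client_body_buffer_size (but under client_max_body_size) to a location
    # that reads the body, e.g. one proxied upstream, and look for the warning
    # above in the error log; a body under the threshold produces no such line.
    error_log /var/log/nginx/error.log warn;   # path is an assumption

    server {
        listen 80;
        location /upload {
            proxy_pass http://127.0.0.1:8080;  # hypothetical upstream
        }
    }
}
```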