nginx and Apache killer
mdounin at mdounin.ru
Sun Aug 28 20:21:59 UTC 2011
On Sun, Aug 28, 2011 at 04:48:59PM +0000, Venky Shankar wrote:
> > Not really. The problem in Apache is not "not merging", but O(N^2)
> > memory consumption while handling Range requests, where N - number
> > of ranges requested.
> Sure, but it hits even badly when it does not check overlapping/same range
O(N^2) in Apache is only possible with overlapping ranges. It
doesn't mean though that handling overlapping ranges isn't
possible without O(N^2) memory consumption, this is how such
handling is implemented in Apache. (And the patch I linked
actually fixes memory consumption to be O(N).)
> I guess nginx would send back 416 when it
> encounters overlapping ranges (?) and the patch from Igor takes care of
> exceeding content length case.
No, overlapped ranges are perfectly ok in nginx, you are free to
request them and your request will likely be satisfied. While
they don't really make sense from theoretical point of view I
would expect some sloppy software to actually use them.
> > See here for more information:
> > http://permalink.gmane.org/gmane.comp.apache.devel/45196
> > http://permalink.gmane.org/gmane.comp.apache.devel/45290
> > With nginx you are safe: there is no O(N^2) memory consumption.
> > Additionally, it won't do any actual data processing with HEAD
> > requests as used in attacking script in question.
> But GET involves data processing. But as you said since there is no O(N*2)
> [or the like] memory consumption with nginx, even GET requests are safe.
More information about the nginx