nginx and Apache killer

Maxim Dounin mdounin at mdounin.ru
Sun Aug 28 20:21:59 UTC 2011


Hello!

On Sun, Aug 28, 2011 at 04:48:59PM +0000, Venky Shankar wrote:

> >
> > Not really.  The problem in Apache is not "not merging", but O(N^2)
> > memory consumption while handling Range requests, where N - number
> > of ranges requested.
> >
> 
> Sure, but it hits even badly when it does not check overlapping/same range
> request.

O(N^2) in Apache is only possible with overlapping ranges.  It 
doesn't mean, though, that handling overlapping ranges isn't 
possible without O(N^2) memory consumption; this is how such 
handling is implemented in Apache.  (And the patch I linked 
actually fixes memory consumption to be O(N).)

> I guess nginx would send back 416 when it
> encounters overlapping ranges (?) and the patch from Igor takes care of
> exceeding content length case.

No, overlapped ranges are perfectly ok in nginx, you are free to 
request them and your request will likely be satisfied.  While 
they don't really make sense from a theoretical point of view, I 
would expect some sloppy software to actually use them.

> > See here for more information:
> >
> > http://permalink.gmane.org/gmane.comp.apache.devel/45196
> > http://permalink.gmane.org/gmane.comp.apache.devel/45290
> >
> > With nginx you are safe: there is no O(N^2) memory consumption.
> > Additionally, it won't do any actual data processing with HEAD
> > requests as used in attacking script in question.
> >
> 
> But GET involves data processing. But as you said since there is no O(N*2)
> [or the like] memory consumption with nginx, even GET requests are safe.

Yes.

Maxim Dounin
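
The following is an added example, not part of the original message and not code from nginx or Apache. It resolves a Range header against a body size, detects overlap in one sorted sweep with O(N) extra memory, and applies one possible policy for the "exceeding content length" case mentioned in the thread; the function names, the policy and the sample headers are assumptions constructed for illustration.

```python
import re

_SPEC = re.compile(r"\s*(\d*)\s*-\s*(\d*)\s*")

def parse_ranges(header, size):
    """Resolve a Range header against a `size`-byte body.

    Returns inclusive (start, end) pairs, or None if the header is malformed.
    Specs that start past the end of the body are dropped as unsatisfiable.
    """
    unit, sep, specs = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    resolved = []
    for spec in specs.split(","):
        m = _SPEC.fullmatch(spec)
        if not m or m.groups() == ("", ""):
            return None
        first, last = m.groups()
        if first == "":                       # suffix form "-N": last N bytes
            start, end = max(size - int(last), 0), size - 1
        else:
            start = int(first)
            end = size - 1 if last == "" else min(int(last), size - 1)
            if last != "" and int(last) < start:
                return None                   # last-byte-pos before first-byte-pos
        if start <= end:
            resolved.append((start, end))
    return resolved

def assess(header, size):
    """Summarise what honouring the header would cost, in O(N) extra memory."""
    ranges = parse_ranges(header, size)
    if ranges is None:
        return None
    total = sum(end - start + 1 for start, end in ranges)
    overlapping, reach = False, -1
    for start, end in sorted(ranges):         # one sweep, no pairwise comparison
        overlapping = overlapping or start <= reach
        reach = max(reach, end)
    return {
        "count": len(ranges),
        "total_bytes": total,
        "overlapping": overlapping,
        # Assumed policy: fall back to the whole body instead of a multipart
        # reply when the ranges add up to more than the body itself.
        "honor": total <= size,
    }
```

Under this policy a small overlapping request such as `bytes=0-9,5-14` is still served as ranges, while a header whose ranges sum to more than the body is answered with the full body.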


