Follow Slashdot stories on Twitter


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment lighttpd and nginx (Score -1) 203

I have tested this DoS attack against lighttpd and nginx. Out of the box both servers are vulnerable (despite the note in the announcement that lighttpd is not vulnerable, just use enough number of connections). Nginx could be configured to not be affected by this type of attacks:

Put in "http" section:

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 10;
send_timeout 10;
limit_zone limit_per_ip $binary_remote_addr 1m;

and put in "server" section :

limit_conn limit_per 16;

The last 2 configuration lines are for limiting connections per client IP. This fist lines are same sane connection timeouts.

May be lighttpd could be configured in a similar manner but I am not a spec in it.

Best regards

Slashdot Top Deals

Do not simplify the design of a program if a way can be found to make it complex and wonderful.