On Fri, 7 Aug 1998, Dag-Erling Coidan [ISO-8859-1] Smørgrav wrote:
> There seems to be a simple way of badly DoSing any Apache server. It
> involved a massive memory leak in the way it handles incoming request
> headers. I based my exploit on the assumption that they use setenv()
> (which they don't) and that the bug occurs when you send a header that
> will end up as an environment variable if you request a CGI script
> (such as User-Agent), but I have since verified that there is no
> connection there. Anyway, you can blow Apache through the roof by
> sending it tons of headers - the server's memory consumption seems to
> be a steep polynomial of the amount of data you send it. Below is a
> snapshot of top(1) about one minute after I sent my server a request
> with 10,000 copies of "User-Agent: sioux\r\n" (totalling 190,016 bytes
> of data)
>
Today when I was looking at the Apache 1.3.1 help files i've found a
parameter that might stop this: "RLimitMem". I guess this should make Apache
use only the amount of memory that you want to.
Andy
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:47 PDT