The latest fork-free patch is in /patches/for_Apache_0.6.2/
Things we need to fix...
There's a potential problem in the current setup, which I think
the NCSA approach will suffer from too, it should be possible for
a trouble maker to open N connections, and grab the attention of
all N child processes. He can then hold these N connections open
for TIMEOUT seconds, and thus block all other connections to the
server.
My first thought was, "Aha, reduce the TIMEOUT for receiving
a request to something more realistice - say 20 seconds"
...but that's going to cause problems for people POSTing large
amounts of information over slow links.
The only real soultion I could come up with was to have a forking
model as a fallback.
The children can send signals (ALARM or whatever) to the parent to
say "ready" or "busy". The parent only needs to know how many of
the children are "ready", so that in the event of all of them being
"busy", it can then spawn the forking model.
All this is based on the paranoia that someone will think it'll
be a hoot to clog someone else's server. If I though of it, I'm
sure someone else will too.
Any other ideas ?
robh
Things we need to fix...
There's a potential problem in the current setup, which I think
the NCSA approach will suffer from too, it should be possible for
a trouble maker to open N connections, and grab the attention of
all N child processes. He can then hold these N connections open
for TIMEOUT seconds, and thus block all other connections to the
server.
My first thought was, "Aha, reduce the TIMEOUT for receiving
a request to something more realistice - say 20 seconds"
...but that's going to cause problems for people POSTing large
amounts of information over slow links.
The only real soultion I could come up with was to have a forking
model as a fallback.
The children can send signals (ALARM or whatever) to the parent to
say "ready" or "busy". The parent only needs to know how many of
the children are "ready", so that in the event of all of them being
"busy", it can then spawn the forking model.
All this is based on the paranoia that someone will think it'll
be a hoot to clog someone else's server. If I though of it, I'm
sure someone else will too.
Any other ideas ?
robh