Mailing List Archive

Slowread, how to mitigate it?
Hello,
I'm trying to find out if it is possible to mitigate the effect of slowread on
Cherokee.
I've looked through the settings, but I didn't find anything useful.

Slowread:
https://community.qualys.com/blogs/securitylabs/2012/01/05/slow-read
I've tried it on my Cherokee webserver and it blocked my webserver in less
than a minute.

Some solutions (directly copied from the link) could be:
- Do not accept connections with abnormally small advertised window sizes
- Do not enable persistent connections and HTTP pipelining unless
performance really benefits from it
- Limit the absolute connection lifetime to some reasonable value

Thank you.

Regards,
Stefano

--
Dott. Stefano Balocco

--
View this message in context: http://cherokee-web-server-general.1049476.n5.nabble.com/Slowread-how-to-mitigate-it-tp5136980p5136980.html
Sent from the Cherokee Web Server - General mailing list archive at Nabble.com.
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee
Re: Slowread, how to mitigate it?
Thanks for noting this and testing it.

I saw it on the wires, but hadn't sat down to read about it yet.

Also should note the following, as per that article:

We need to know the server’s send buffer size and then define a
smaller-sized client receive buffer. TCP doesn’t advertise the
server’s send buffer size, but we can assume that it is the default
value, which is usually between 65Kb and 128Kb. There’s normally no
need to have a send buffer larger than that.

Some servers have built-in protection, which is turned off by default.
For example, lighttpd has the server.max-write-idle option to specify
maximum number of seconds until a waiting write call times out and
closes the connection.

Hopefully that helps whoever writes the patch for Cherokee :)

On 1/11/12, Stefano <Stefano+Cherokee-Project@balocco.name> wrote:
> Hello,
> I'm trying to find out if it is possible to mitigate the effect of slowread on
> Cherokee.
> I've looked through the settings, but I didn't find anything useful.
>
> Slowread:
> https://community.qualys.com/blogs/securitylabs/2012/01/05/slow-read
> I've tried it on my Cherokee webserver and it blocked my webserver in less
> than a minute.
>
> Some solutions (directly copied from the link) could be:
> - Do not accept connections with abnormally small advertised window sizes
> - Do not enable persistent connections and HTTP pipelining unless
> performance really benefits from it
> - Limit the absolute connection lifetime to some reasonable value
>
> Thank you.
>
> Regards,
> Stefano
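
Two of the mitigations named in this thread, a write-idle timeout (the idea behind lighttpd's server.max-write-idle) and an absolute connection lifetime, sketched as an added example; this is not Cherokee or lighttpd code. The names send_with_deadlines, _drain and run_case, the thresholds, and the use of socketpair() as a stand-in for an accepted TCP connection are assumptions made for the illustration.

```python
import select
import socket
import threading
import time

def send_with_deadlines(sock, payload, max_write_idle, max_lifetime):
    """Send payload; return (status, bytes_sent), status in sent/write-idle/lifetime."""
    sock.setblocking(False)
    started = last_progress = time.monotonic()
    view, sent = memoryview(payload), 0
    while sent < len(payload):
        now = time.monotonic()
        life_left = max_lifetime - (now - started)
        idle_left = max_write_idle - (now - last_progress)
        if life_left <= 0:
            return "lifetime", sent      # absolute connection lifetime exceeded
        if idle_left <= 0:
            return "write-idle", sent    # peer accepted no bytes for too long
        # Wait for send-buffer space, but never past the nearer deadline.
        _, writable, _ = select.select([], [sock], [], min(idle_left, life_left))
        if not writable:
            continue                     # timed out: loop re-checks both deadlines
        try:
            n = sock.send(view[sent:])
        except BlockingIOError:
            continue
        if n:
            sent, last_progress = sent + n, time.monotonic()
    return "sent", sent

def _drain(sock, total):
    """Well-behaved peer: read until the whole response has arrived."""
    while total > 0 and (chunk := sock.recv(65536)):
        total -= len(chunk)

def run_case(peer_reads, max_write_idle, max_lifetime, size=8 * 1024 * 1024):
    """Constructed scenario: the peer either reads normally or never reads."""
    server, client = socket.socketpair()
    reader = threading.Thread(target=_drain, args=(client, size), daemon=True)
    if peer_reads:
        reader.start()
    try:
        return send_with_deadlines(server, bytes(size), max_write_idle, max_lifetime)
    finally:
        server.close()
        if peer_reads:
            reader.join(5)
        client.close()
```

A peer that reads a few bytes just often enough resets the write-idle clock on every successful send, which is why the lifetime cap is checked as a separate deadline.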