A modest proposal, was Re: Mitigating the Slowloris DoS attack

["Akins, Brian" <Br...@turner.com>]

On 6/23/09 12:48 AM, "Paul Querna" <pa...@querna.org> wrote:

> Mitagation is the wrong approach.
> 
> We all know our architecture is wrong.

Another heretical suggestion:

Lighttpd and nginx are both release under BSD-like licenses.

Hear me out.

I've actually been thinking "how possible would it be to transform one of
them into httpd 3.0?" Nginx has a few architectural issues (a different
cache for fasctcgi versus proxy??) and lighttpd is still fairly immature
(cache can't handle Vary, lots of stuff broken when running multiple
processes).  However, just think if the forces of us and "them" combined
(well, one of them).  My personal pick is lighttpd - the community would fit
better (nginx is almost all in Russian) and it already has a lot of Lua :)

I know this would probably only even be considered in a bizzaro parallel
universe.  However, what are our alternatives?

-- 
Brian Akins
Chief Operations Engineer
Turner Digital Media Technologies

Re: A modest proposal, was Re: Mitigating the Slowloris DoS attack

[Jim Jagielski <ji...@jaguNET.com>]

On Jun 23, 2009, at 8:39 PM, Akins, Brian wrote:

> On 6/23/09 12:48 AM, "Paul Querna" <pa...@querna.org> wrote:
>
>> Mitagation is the wrong approach.
>>
>> We all know our architecture is wrong.
>
> Another heretical suggestion:
>
> Lighttpd and nginx are both release under BSD-like licenses.
>
> Hear me out.
>
> I've actually been thinking "how possible would it be to transform  
> one of
> them into httpd 3.0?"

Most prob not that hard since Lighttpd is a fork of Apache 1.3.