You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2010/03/15 21:22:09 UTC

svn commit: r923418 - in /httpd/httpd/trunk: modules/filters/mod_reqtimeout.c server/connection.c

Author: sf
Date: Mon Mar 15 20:22:09 2010
New Revision: 923418

URL: http://svn.apache.org/viewvc?rev=923418&view=rev
Log:
core: shorten the wait time in ap_lingering_close() if the
"short-lingering-close" connection note is set.

mod_reqtimeout: Instead of setting c->aborted, use the "short-lingering-close"
connection note to shut down the connection quickly while still giving the
client a chance to receive the error message.

Modified:
    httpd/httpd/trunk/modules/filters/mod_reqtimeout.c
    httpd/httpd/trunk/server/connection.c

Modified: httpd/httpd/trunk/modules/filters/mod_reqtimeout.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_reqtimeout.c?rev=923418&r1=923417&r2=923418&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_reqtimeout.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_reqtimeout.c Mon Mar 15 20:22:09 2010
@@ -266,13 +266,12 @@ out:
         ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
                       "Request %s read timeout", ccfg->type);
         /*
-         * If we allow lingering close, the client may keep this
+         * If we allow a normal lingering close, the client may keep this
          * process/thread busy for another 30s (MAX_SECS_TO_LINGER).
-         * Therefore we have to abort the connection. The downside is
-         * that the client will most likely not receive the error
-         * message.
+         * Therefore we tell ap_lingering_close() to shorten this period to
+         * 2s (SECONDS_TO_LINGER).
          */
-        f->c->aborted = 1;
+        apr_table_setn(f->c->notes, "short-lingering-close", "1");
     }
     return rv;
 }

Modified: httpd/httpd/trunk/server/connection.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/connection.c?rev=923418&r1=923417&r2=923418&view=diff
==============================================================================
--- httpd/httpd/trunk/server/connection.c (original)
+++ httpd/httpd/trunk/server/connection.c Mon Mar 15 20:22:09 2010
@@ -152,8 +152,20 @@ AP_DECLARE(void) ap_lingering_close(conn
             break;
 
         if (timeup == 0) {
-            /* First time through; calculate now + 30 seconds. */
-            timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+            /*
+             * First time through;
+             * calculate now + 30 seconds (MAX_SECS_TO_LINGER).
+             *
+             * If some module requested a shortened waiting period, only wait for
+             * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain
+             * DoS attacks.
+             */
+            if (apr_table_get(c->notes, "short-lingering-close")) {
+                timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER);
+            }
+            else {
+                timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+            }
             continue;
         }
     } while (apr_time_now() < timeup);