
Comment lighttpd and nginx (Score -1) 203

I have tested this DoS attack against lighttpd and nginx. Out of the box both servers are vulnerable (despite the note in the announcement that lighttpd is not vulnerable; just use a large enough number of connections). Nginx could be configured to not be affected by this type of attack:

Put in the "http" section:

client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 10;
send_timeout 10;
limit_zone limit_per_ip $binary_remote_addr 1m;

and put in the "server" section:

limit_conn limit_per_ip 16;

The last 2 configuration lines are for limiting connections per client IP. The first lines are some sane connection timeouts.

Maybe lighttpd could be configured in a similar manner, but I am not a specialist in it.

Best regards
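
The settings from the comment above, written as a complete configuration for current nginx releases. This is an added example and not part of the original comment: `limit_zone` was made obsolete in nginx 1.1.8 and removed in 1.7.6, so `limit_conn_zone` is used in its place, and the port, server name and `location` body are assumptions for illustration.

```nginx
# Added example: constructed minimal nginx.conf, not the commenter's own file.
events {}

http {
    # Close connections from clients that stall while sending the request
    # headers or body, or that stop reading the response.
    client_header_timeout 10s;
    client_body_timeout   10s;
    send_timeout          10s;
    keepalive_timeout     10s;

    # Shared-memory zone keyed by the binary client address.
    # Replaces the older "limit_zone limit_per_ip $binary_remote_addr 1m;".
    limit_conn_zone $binary_remote_addr zone=limit_per_ip:1m;

    # Log rejected connections so that limit hits show up in the error log.
    limit_conn_log_level warn;

    server {
        listen 8080;            # assumption: example port
        server_name localhost;  # assumption: example name

        # At most 16 concurrent connections per client address.
        # The zone name must match the one declared in limit_conn_zone.
        # nginx counts a connection toward this limit only after the whole
        # request header has been read, so connections that never finish
        # their headers are bounded by client_header_timeout, not by this.
        limit_conn limit_per_ip 16;

        location / {
            return 200 "ok\n";  # assumption: placeholder response
        }
    }
}
```

Clients behind a shared NAT or proxy appear as one address, so the per-address limit of 16 may need raising for such sites.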
