search for: accf_http

This small patch extends configure_socket_options to support FreeBSD''s accf_http(9), which defers accept() until there''s a full HTTP request to read. Seems to work fine on 6.1-STABLE. DragonflyBSD should work too provided the /freebsd/ line is modified to match it. accf_http(9): http://www.freebsd.org/cgi/man.cgi?query=accf_http&sektion=9 -- Thomas ''...

Hi list! We tested mod_antiloris 0.4 and found it quite efficient, but before putting it in production, we would like to hear some feedback from freebsd users. We are using Apache 2.2.x on Freebsd 6.2 and 7.2. Is anyone using it? Do you have any other way to patch against Slowloris other than putting a proxy in front or using the HTTP accept filter? Thanks for your feedback, Martin

Alright folks, I put in a fix for camping and added the patch by Thomas Hurst for the accf_http deferred accept settings for FreeBSD. As usual, please test this release out and let me know if it has any additional problems. I''ll be working on win32 builds today and tomorrow with Luis. Install with: sudo gem install fastthread --source=http://mongrel.rubyforge.org/releases sudo ge...

...date Corrected: 2002-05-21 18:03:16 UTC (RELENG_4) 2002-05-28 18:27:55 UTC (RELENG_4_5) FreeBSD only: YES I. Background FreeBSD features an accept_filter(9) mechanism which allows an application to request that the kernel pre-process incoming connections. For example, the accf_http(9) accept filter prevents accept(2) from returning until a full HTTP request has been buffered. No accept filters are enabled by default. A system administrator must either compile the FreeBSD kernel with a particular accept filter option (such as ACCEPT_FILTER_HTTP) or load the filter using kldl...

...ko...Reading symbols from /boot/kernel/miibus.ko.symbols...done. done. Loaded symbols for /boot/kernel/miibus.ko Reading symbols from /boot/kernel/if_vr.ko...Reading symbols from /boot/kernel/if_vr.ko.symbols...done. done. Loaded symbols for /boot/kernel/if_vr.ko Reading symbols from /boot/kernel/accf_http.ko...Reading symbols from /boot/kernel/accf_http.ko.symbols...done. done. Loaded symbols for /boot/kernel/accf_http.ko Reading symbols from /boot/kernel/bridgestp.ko...Reading symbols from /boot/kernel/bridgestp.ko.symbols...done. done. Loaded symbols for /boot/kernel/bridgestp.ko Reading symbols...

Dear Security team, I'm Kamolpat Pornatiwiwat, Sys admin of DMaccess Co., Ltd. I'm got the problem, My FreeBSD 6.0 got Dos attacked. What should I do? At the present, I decide to stop apache and leave only mail feature on functioning. Any guide/recommend/solution will be appreciated. More detail about my server: ====================== FreeBSD 6.0 apache-1.3.34_4 php5-5.1.2_1 MySQL

I''m having no luck trying to daemonize mongrel running a camping server. When mongrel daemonizes, I get: /usr/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel.rb:723:in `accept'': closed stream (IOError) from /usr/lib/ruby/gems/1.8/gems/mongrel-1.0.1/lib/mongrel/configurator.rb:293:in `join'' ... (This was after I disabled the unhandled exception catchall in the

Hi, during some big discussions in the last monts on various lists, one of the problems was that some people would like to use freebsd-update but can't as they are using a custom kernel. With all the kernel modules we provide, the need for a custom kernel should be small, but on the other hand, we do not provide a small kernel-skeleton where you can load just the modules you need.

...all is fine for another day or so. I've tried just about every tuning trick out there but to no eval. I can mitigate the problem by increasing available socket buffs and decreasing the tcp.sendspace. I've tried different versions of Apache and I've tried with and without the accf_http kernel filter. Here is what I have on the server now: sysctl.conf: kern.maxfiles=65535 kern.maxfilesperproc=16384 kern.ipc.maxsockbuf=4194304 kern.ipc.somaxconn=1024 net.inet.tcp.sendspace=8192 net.inet.tcp.recvspace=8192 net.inet.tcp.keepidle=900000 net.inet.tcp.keepintvl=30000 net.inet.tcp.msl...