[Zope] Responding to hackers
Skip Montanaro
skip@pobox.com
Mon, 28 Oct 2002 10:20:01 -0600
>> You might be able to slow them down. Depending what sort of control
>> you have over the HTTP bits stuffed on the wire, when you encounter
>> requests for such pages, you can have the thread serving the
>> connection slow its responses to a crawl, issue "100 Continue"
>> responses, etc.
Chris> Isn't this the same as a DOS attack on yur own server, though?
Not if you have a multi-threaded server. Legitimate requests will be
handled by new threads. Legitimate 404's (stuff not on your list of
"obvious scan attempts") will get 404'd immediately. You might pile up a
few sleepy threads, but all-in-all the load on your server should be quite
modest. The only problem you might encounter would be if your server got
blasted by large numbers of such requests in a very short period of time.
To avoid this problem you could cap the number of "sluggish" responses at
some figure, after which you simply fall back to regular 404 responses.
Skip