"short-lingering-close" connection note is set.
mod_reqtimeout: Instead of setting c->aborted, use the "short-lingering-close"
connection note to shut down the connection quickly while still giving the
client a chance to receive the error message.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@923418
13f79535-47bb-0310-9956-
ffa450edef68
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
"Request %s read timeout", ccfg->type);
/*
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
"Request %s read timeout", ccfg->type);
/*
- * If we allow lingering close, the client may keep this
+ * If we allow a normal lingering close, the client may keep this
* process/thread busy for another 30s (MAX_SECS_TO_LINGER).
* process/thread busy for another 30s (MAX_SECS_TO_LINGER).
- * Therefore we have to abort the connection. The downside is
- * that the client will most likely not receive the error
- * message.
+ * Therefore we tell ap_lingering_close() to shorten this period to
+ * 2s (SECONDS_TO_LINGER).
+ apr_table_setn(f->c->notes, "short-lingering-close", "1");
break;
if (timeup == 0) {
break;
if (timeup == 0) {
- /* First time through; calculate now + 30 seconds. */
- timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ /*
+ * First time through;
+ * calculate now + 30 seconds (MAX_SECS_TO_LINGER).
+ *
+ * If some module requested a shortened waiting period, only wait for
+ * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain
+ * DoS attacks.
+ */
+ if (apr_table_get(c->notes, "short-lingering-close")) {
+ timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER);
+ }
+ else {
+ timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ }
continue;
}
} while (apr_time_now() < timeup);
continue;
}
} while (apr_time_now() < timeup);