From: Stefan Fritsch Date: Mon, 15 Mar 2010 20:22:09 +0000 (+0000) Subject: core: shorten the wait time in ap_lingering_close() if the X-Git-Tag: 2.3.6~339 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2f462c57549ed4df420e8b424bc1b703e47ca880;p=apache core: shorten the wait time in ap_lingering_close() if the "short-lingering-close" connection note is set. mod_reqtimeout: Instead of setting c->aborted, use the "short-lingering-close" connection note to shut down the connection quickly while still giving the client a chance to receive the error message. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@923418 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/filters/mod_reqtimeout.c b/modules/filters/mod_reqtimeout.c
index ccb9ea18ee..0b7e3375c5 100644
--- a/modules/filters/mod_reqtimeout.c
+++ b/modules/filters/mod_reqtimeout.c
@@ -266,13 +266,12 @@ out:
 ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
 "Request %s read timeout", ccfg->type);
 /*
- * If we allow lingering close, the client may keep this
+ * If we allow a normal lingering close, the client may keep this
 * process/thread busy for another 30s (MAX_SECS_TO_LINGER).
- * Therefore we have to abort the connection. The downside is
- * that the client will most likely not receive the error
- * message.
+ * Therefore we tell ap_lingering_close() to shorten this period to
+ * 2s (SECONDS_TO_LINGER).
 */
- f->c->aborted = 1;
+ apr_table_setn(f->c->notes, "short-lingering-close", "1");
 }
 return rv;
 }
diff --git a/server/connection.c b/server/connection.c
index 7de1431284..8436ea06e3 100644
--- a/server/connection.c
+++ b/server/connection.c
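Review bot: In modules/filters/mod_reqtimeout.c the note name is a bare string literal, `"short-lingering-close"`, and the same literal is spelled out again where ap_lingering_close() reads it in server/connection.c. Nothing ties the two together, so a typo on either side would compile cleanly and silently fall back to the 30s linger, which means the slow-client protection fails open. Define the key once in a header both files include and use it at both sites, e.g. `apr_table_setn(f->c->notes, AP_SHORT_LINGER_NOTE, "1");`, where `AP_SHORT_LINGER_NOTE` is a new macro whose name is only a suggestion. Since the same change drops `f->c->aborted = 1`, it is worth confirming that no code outside this hunk relied on that flag to skip work after a read timeout; the enclosing function begins above the hunk.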
@@ -152,8 +152,20 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
 break;
 if (timeup == 0) {
- /* First time through; calculate now + 30 seconds. */
- timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ /*
+ * First time through;
+ * calculate now + 30 seconds (MAX_SECS_TO_LINGER).
+ *
+ * If some module requested a shortened waiting period, only wait for
+ * 2s (SECONDS_TO_LINGER). This is useful for mitigating certain
+ * DoS attacks.
+ */
+ if (apr_table_get(c->notes, "short-lingering-close")) {
+ timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER);
+ }
+ else {
+ timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ }
 continue;
 }
 } while (apr_time_now() < timeup);
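Review bot: The `apr_table_get(c->notes, "short-lingering-close")` test in ap_lingering_close() checks only that the note exists, so any value, including `"0"` or an empty string, selects the 2s period, and the new comment does not say so. Either document that contract in the comment, for example `* The note's value is ignored; its presence alone selects the short period.`, or compare the value explicitly. The two branches also repeat the same expression and differ only in the constant; choosing the number of seconds first and assigning `timeup` once would keep the deadline arithmetic in one place. The surrounding do/while loop starts above the hunk, so how long the first read can block before `timeup` is set is not visible here.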