14 messages in ru.sysoev.nginxRe: nginx and Apache killer| From | Sent On | Attachments |
|---|---|---|
| Igor Sysoev | Aug 27, 2011 1:10 am |  .ranges |
| Juan Angulo Moreno | Aug 27, 2011 7:03 pm | |
| Maxim Dounin | Aug 28, 2011 1:45 am | |
| Venky Shankar | Aug 28, 2011 2:41 am | |
| Gena Makhomed | Aug 28, 2011 7:18 am | |
| Maxim Dounin | Aug 28, 2011 7:24 am | |
| Maxim Dounin | Aug 28, 2011 9:35 am | |
| Venky Shankar | Aug 28, 2011 9:48 am | |
| Maxim Dounin | Aug 28, 2011 1:21 pm | |
| Gena Makhomed | Aug 28, 2011 1:38 pm | |
| Maxim Dounin | Aug 28, 2011 5:14 pm | |
| Gena Makhomed | Aug 29, 2011 11:30 am | |
| Igor Sysoev | Aug 29, 2011 11:45 am | |
| Jim Ohlstein | Sep 1, 2011 4:59 am |
| Subject: | Re: nginx and Apache killer | |
|---|---|---|
| From: | Venky Shankar (ykne...@gmail.com) | |
| Date: | Aug 28, 2011 9:48:26 am | |
| List: | ru.sysoev.nginx | |
Not really. The problem in Apache is not "not merging", but O(N^2) memory consumption while handling Range requests, where N - number of ranges requested.
Sure, but it hits even badly when it does not check overlapping/same range request. I guess nginx would send back 416 when it encounters overlapping ranges (?) and the patch from Igor takes care of exceeding content length case.
See here for more information:
http://permalink.gmane.org/gmane.comp.apache.devel/45196 http://permalink.gmane.org/gmane.comp.apache.devel/45290
With nginx you are safe: there is no O(N^2) memory consumption. Additionally, it won't do any actual data processing with HEAD requests as used in attacking script in question.
But GET involves data processing. But as you said since there is no O(N*2) [or the like] memory consumption with nginx, even GET requests are safe.
Maxim Dounin
_______________________________________________ nginx mailing list ngi...@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Thanks, -Venky
_______________________________________________ nginx mailing list ngi...@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx