id summary reporter owner description type status priority milestone component version resolution keywords cc difficulty 279 DoS protection support for spiffy Mario Domenech Goulart sjamaan "Some tips Brian Mastenbrook gave on #scheme. I'm pasting them here in case we want a DoS protection module for spiffy someday. Here are the relevant parts: {{{ mario-goulart: I think a sufficient approach would be to (a) limit the number of active connections, (b) kill connections according to a least-recently-transmitted policy, and (c) set a timeout for connections in the receiving headers phase, and another timeout for sending data. chandler: wouldn't (c) mess up with things like comet and long live connection intentionally requested to avoid the multiple requests overhead? If the server is blocking before responding to a request, don't time out. But the client shouldn't be allowed to connect or start sending a request and then block indefinitely before finishing sending headers. mario-goulart: Furthermore, if the server has data to send to the client but hasn't actually been able to send it for several seconds, the connection should be terminated as well. }}}" enhancement closed not urgent at all extensions 4.5.x wontfix spiffy, dos