id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	difficulty
279	DoS protection support for spiffy	Mario Domenech Goulart	sjamaan	"Some tips Brian Mastenbrook gave on #scheme.  I'm pasting them here in case we want a DoS protection module for spiffy someday.  Here are the relevant parts:

{{{
<chandler> mario-goulart: I think a sufficient approach would be to
	   (a) limit the number of active connections, (b) kill
	   connections according to a least-recently-transmitted
	   policy, and (c) set a timeout for connections in the
	   receiving headers phase, and another timeout for sending
	   data.

<mario-goulart> chandler: wouldn't (c) mess up with things like comet
		and long live connection intentionally requested to
		avoid the multiple requests overhead?

<chandler> If the server is blocking before responding to a request,
           don't time out.

<chandler> But the client shouldn't be allowed to connect or start
	   sending a request and then block indefinitely before
	   finishing sending headers.

<chandler> mario-goulart: Furthermore, if the server has data to send
	   to the client but hasn't actually been able to send it for
	   several seconds, the connection should be terminated as
	   well.

}}}"	enhancement	closed	not urgent at all		extensions	4.5.x	wontfix	spiffy, dos