On Thu, Mar 27, 2008 at 05:40:51PM +0100, Ulric Eriksson wrote:
> >What I would like instead is for it to accept the connection,
> >then wait until a backend server becomes free before connecting
> >to it.
> >
> >Can this be done with pen? If not, do you have any suggestions
> >for alternative solutions?
>
> You can do something similar by adding "-x 2" to the command
> line, so the the maximum number of connections is equal to the
> number of servers. That way the connection won't be accepted
> until a server is available.
Many thanks - that seems to do the trick.
Aside: after some probing with telnet and tcpdump, it seems that when pen
receives an incoming connection, if there is a spare backend it opens a
connection to it immediately (before even the HTTP request has been
received). This raises the possibility of a simple DoS attack, simply by
opening N TCP connections to the server, since the N+1'th connection won't
be processed until one of the other N has been dropped.
But by putting pen behind Apache, I should be able to prevent this. I now
just need to check whether mod_proxy keeps open HTTP/1.1 persistent
connections, and if so how to stop it.
Regards,
Brian.
Received on Thu Mar 27 2008 - 18:52:18 CET
This archive was generated by hypermail 2.2.0 : Thu Mar 27 2008 - 18:52:18 CET