• Poul-Henning Kamp's avatar
    Rework the code that receives the client request. · a9852b4c
    Poul-Henning Kamp authored
    Collect all the code in cnt_wait()
    
    Add a new -3 return code from HTC which says that all we've seen so
    far is white space.  Use the RFC2616 "LWS" definition of white-space.
    
    Rename "sess_timeout" parameter to "timeout_idle" and describe it more
    precisely.  Make it a double, so more precise values can be specified.
    The sessions is considered idle even if we receive white-space.
    
    Rename "session_linger" parameter to "timeout_linger", make it a double
    and give it units of seconds like other timeouts.
    
    Add new parameter "timeout_req" which controls how long time we give
    the client to send the request headers, from the first non-white char.
    Set it to two seconds.  Experimentation/Experience requested.
    
    "timeout_req" also gives us positive control of any kind of
    "slowlaris" attack scenarios.
    
    I'm trying to group parameters more sensibly, since we sort them
    by name, calling them all timeout_*, pool_* etc, makes some sense I hope.
    a9852b4c
r00641.vtc 555 Bytes