[Mongrel] http keep-alive?

Roger Pack rogerpack2005 at gmail.com
Fri Sep 14 20:04:16 EDT 2007


I read this in a previous post (
http://rubyforge.org/pipermail/mongrel-users/2006-December/002354.html)
....
First, Mongrel accepts remote clients and creates one Thread for each
request.  Mongrel also enforces a single request/response using
Connect:close headers because Ruby only supports 1024 files (so far).  If
Mongrel doesn't do this then people like yourself can write a simple
"trickle attack" client that hits the Mongrel server, opens a bunch of
continuous connections, and then eat up all available files very quickly.
Basically, a DDoS attack that's very simple to do.
....


Is this still a problem?  If it is, I think it might be sweet if it were
optional (then load balancer's could keep open connections--if only load
balancers can hit it...).  Just a thought :)

-Roger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://rubyforge.org/pipermail/mongrel-users/attachments/20070914/86b8533c/attachment.html 


More information about the Mongrel-users mailing list