© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Today I did a deeper investigation, but still I can't explain why my Apache doesn't send "206 Partial Content" response if a gzip compression is disabled or unset. It sends only "200 OK" and then Content-Range: and Content-Length: fields are missing, of course. Also I noticed that it doesn't reply "Accept-Ranges: bytes" at all, even when mod_deflate is enabled.
But probably the reason of my issue with killapache.pl script is not a buggy Apache version. Simply my virtual server is too weak to handle 50 connections to heavy Joomla page in the same moment :) When I decrease "numforks" argument of the exploit script from 50 by default to 10, then the server is still working. Yes, it consumes 100% CPU, but it still has some free memory to run. Please note that it's a true both for old and buggy Apache and for new and fixed version.
Fortunately I have the antiloris.sh script for protecting me against the slowloris attack, so it can drop all script kiddies which use killapache.pl :)
So probably it's a good idea to close my bug report.