I figured out the last ingredient of the DoS situation: When the mod_jk load balancer is in use, the AJP worker NullPointerException behavior provoked by the malformed packet makes mod_jk think that the worker died and mod_jk won't try the same worker for a while for any request.
So the DoS scenario happens like this:
1) Send unknown method to Apache when mod_jk with load balancing is in use and the AJP worker is Jetty 6.1.7.
2) mod_jk sends a malformed AJP packet to Jetty.
3) Jetty trusts that the AJP packets are legal and fails with a NullPointerException. Jetty doesn't crash and could handle more requests.
4) mod_jk load balancer thinks that the AJP worker went offline.
5) mod_jk load balancer won't forward requests to the worker for a while, rendering the service unusable for all users--even for legitimate requests.
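The weak link in step 3 is a container that trusts the AJP13 framing it receives. The following is an added example (not Jetty's or mod_jk's code) of validating the fixed prefix of an AJP13 forward request and turning any violation into an explicit protocol rejection instead of a late exception. It assumes the AJP13 layout (magic 0x1234, 2-byte length, prefix code 2, method code byte, protocol and URI strings) and the standard method-code table; the malformed sample packet simply carries an out-of-range method code, which is an assumption for illustration, not a claim about the packet mod_jk sends.

```python
import struct

# AJP13 forward-request method codes (from the AJP13 protocol description).
AJP_METHODS = {1: "OPTIONS", 2: "GET", 3: "HEAD", 4: "POST", 5: "PUT",
               6: "DELETE", 7: "TRACE", 8: "PROPFIND", 9: "PROPPATCH",
               10: "MKCOL", 11: "COPY", 12: "MOVE", 13: "LOCK", 14: "UNLOCK",
               15: "ACL", 16: "REPORT", 17: "VERSION-CONTROL", 18: "CHECKIN",
               19: "CHECKOUT", 20: "UNCHECKOUT", 21: "SEARCH", 22: "MKWORKSPACE",
               23: "UPDATE", 24: "LABEL", 25: "MERGE", 26: "BASELINE_CONTROL",
               27: "MKACTIVITY"}
FORWARD_REQUEST = 0x02  # JK_AJP13_FORWARD_REQUEST prefix code

class AjpProtocolError(ValueError):
    """Raised for a packet that violates AJP13 framing or field ranges."""

def _read_string(buf, pos):
    # AJP string: 2-byte big-endian length, the bytes, then a 0x00 terminator.
    if pos + 2 > len(buf):
        raise AjpProtocolError("truncated string length")
    n = struct.unpack_from(">H", buf, pos)[0]
    if n == 0xFFFF:  # AJP encodes a null string as length 0xFFFF
        return None, pos + 2
    end = pos + 2 + n
    if end >= len(buf) or buf[end] != 0:
        raise AjpProtocolError("string not NUL-terminated")
    return buf[pos + 2:end].decode("latin-1"), end + 1

def parse_forward_request(buf):
    """Validate the fixed prefix of a forward request; return (method, protocol, uri)."""
    if len(buf) < 6 or buf[:2] != b"\x12\x34":
        raise AjpProtocolError("bad magic or packet too short")
    if struct.unpack_from(">H", buf, 2)[0] != len(buf) - 4:
        raise AjpProtocolError("length field does not match payload")
    if buf[4] != FORWARD_REQUEST:
        raise AjpProtocolError("unexpected prefix code 0x%02x" % buf[4])
    method = AJP_METHODS.get(buf[5])
    if method is None:  # the spot where blind trust would blow up later
        raise AjpProtocolError("unknown method code %d" % buf[5])
    protocol, pos = _read_string(buf, 6)
    uri, pos = _read_string(buf, pos)
    return method, protocol, uri

def build_packet(method_code, uri=b"/"):
    # Constructed sample packet: only the fields the validator inspects.
    s = lambda b: struct.pack(">H", len(b)) + b + b"\x00"
    body = bytes([FORWARD_REQUEST, method_code]) + s(b"HTTP/1.1") + s(uri)
    return b"\x12\x34" + struct.pack(">H", len(body)) + body

def handle_packet(buf):
    # Reject malformed input as a reportable result, never an unhandled exception.
    try:
        return ("ok",) + parse_forward_request(buf)
    except AjpProtocolError as e:
        return ("reject", str(e))
```

A rejection returned this way can be logged and answered on the AJP channel, so the connector keeps serving and the load balancer has no reason to mark the worker dead.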