diff options
author | Eric Wong <normalperson@yhbt.net> | 2009-10-12 01:13:20 -0700 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2009-10-12 01:13:20 -0700 |
commit | 5fc6a745346517d1321b2e0b7ee0f6b7f88db5bd (patch) | |
tree | f05d5ccbe673c7029eb2597f63dc57ea6278d813 | |
parent | 95bd43f95375c79255016f867b7cc524c6b27db8 (diff) | |
download | rainbows-5fc6a745346517d1321b2e0b7ee0f6b7f88db5bd.tar.gz |
-rw-r--r-- | DEPLOY | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -27,3 +27,16 @@ processing of the request body as it is being uploaded. In this case, haproxy or any similar (non-request-body-buffering) load balancer should be used to balance requests between different machines. + +== Denial-of-Service Concerns + +Since \Rainbows! is designed to talk to slow clients with long-held +connections, it may be subject to brute force denial-of-service attacks. +In Unicorn and Mongrel, we've already enabled the "httpready" accept +filter for FreeBSD and the TCP_DEFER_ACCEPT option in Linux; but it is +still possible to build clients that work around and fool these +mechanisms. + +\Rainbows! itself does not feature any explicit protection against brute +force denial-of-service attacks. We believe this is best handled by +dedicated firewalls provided by the operating system. |