On Mon, Oct 17, 2011 at 10:06 AM, Kazu Yamamoto
Hello Michael,
I had not understood that this was the DOS attack you were trying to prevent, thank you for the clarification. I think you are correct that this is a problem, but perhaps we should solve it in the enumSocket function. If we tickle the timeout before calling Sock.recv and then pause it again afterwards, we will *only* be timing out on the part of the code that is receiving data from the client, as opposed to timing out on the application code itself.
I'm fine with any fixes which can solve this problem. Would you write the code so that I can test?
I've started a new branch (slowloris); let's try to come up with a complete set of changes to address the issues and then merge it back. Here's the change I was describing: https://github.com/yesodweb/wai/commit/58119eb0b762fde98567ba181ada61b14dfed... Michael