Hello,

Iam currently exploring the following directives

First

keepalive_timeout 1 1 ... Suppose Iam getting a slowloris attack, I
think this is a great parameter to reduce in such case. Would normal
browser simply reopen a connection if they could not work on that low
keep alive timeout? How would browsers react aside probably if they
are behind a slow connection it would cause them to send a new
connection for each request?

Second..

I have been told that setting a low (1k) client_body_buffer_size is
suitable to protect against buffer overflows. However Iam reading that
any body buffer size greater then that will simply be written to the
disk. What exactly is the advantage here? How would I be able to test
this parameter from the outside?

(To be honest I dont know what a client body buffer size is.. tried
google but that didnt help much)

David

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx