 |
lua-l archive |
|
|
||
|
So, in summary: random 3.203876 not-so-random 1896.973532
So, Petite Abeille, as you challenged people to throw stuff at Nanoki earlier, I'd be very interested to hear what you've put into it to protect against this type of attack?
I only glanced at the parsing code you linked to. But if memory serves, I believe your webserver puts the HTTP headers into a Lua table. Correct?
Note that for attacks to succeed it doesn't matter whether response degrades from 0.1 seconds to 59, 30 or 10 seconds. Any of these will provide enough of an opening to "follow up" (at little cost) [alas!].
Ashwin.