www-servers/apache-2.2.11-r1: anti-slowloris DOS fix

commit 86a5873d2042b115a98ca6a83bac39675fd7d478 1 parent df9a4a1
@danielrobbins danielrobbins authored
22 metadata/cache/www-servers/apache-2.2.10
@@ -1,22 +0,0 @@
-apache2_modules_deflate? ( sys-libs/zlib ) =sys-devel/automake-1.10* >=sys-devel/autoconf-2.61 sys-devel/libtool dev-lang/perl =dev-libs/apr-1* =dev-libs/apr-util-1* dev-libs/libpcre ldap? ( =net-nds/openldap-2* ) selinux? ( sec-policy/selinux-apache ) ssl? ( >=dev-libs/openssl-0.9.8f ) !=www-servers/apache-1*
-apache2_modules_mime? ( app-misc/mime-types ) dev-lang/perl =dev-libs/apr-1* =dev-libs/apr-util-1* dev-libs/libpcre ldap? ( =net-nds/openldap-2* ) selinux? ( sec-policy/selinux-apache ) ssl? ( >=dev-libs/openssl-0.9.8f ) !=www-servers/apache-1*
-2
-mirror://apache/httpd/httpd-2.2.10.tar.bz2 http://dev.gentoo.org/~hollow/dist/apache/gentoo-apache-2.2.10-20081025.tar.bz2
-
-http://httpd.apache.org/
-Apache-2.0 Apache-1.1
-The Apache Web Server.
-alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd
-apache-2 autotools confutils eutils flag-o-matic libtool multilib portability toolchain-funcs
-sni debug doc ldap selinux ssl static suexec threads apache2_modules_actions apache2_modules_alias apache2_modules_asis apache2_modules_auth_basic apache2_modules_auth_digest apache2_modules_authn_alias apache2_modules_authn_anon apache2_modules_authn_dbd apache2_modules_authn_dbm apache2_modules_authn_default apache2_modules_authn_file apache2_modules_authz_dbm apache2_modules_authz_default apache2_modules_authz_groupfile apache2_modules_authz_host apache2_modules_authz_owner apache2_modules_authz_user apache2_modules_autoindex apache2_modules_cache apache2_modules_cern_meta apache2_modules_charset_lite apache2_modules_dav apache2_modules_dav_fs apache2_modules_dav_lock apache2_modules_dbd apache2_modules_deflate apache2_modules_dir apache2_modules_disk_cache apache2_modules_dumpio apache2_modules_env apache2_modules_expires apache2_modules_ext_filter apache2_modules_file_cache apache2_modules_filter apache2_modules_headers apache2_modules_ident apache2_modules_imagemap apache2_modules_include apache2_modules_info apache2_modules_log_config apache2_modules_log_forensic apache2_modules_logio apache2_modules_mem_cache apache2_modules_mime apache2_modules_mime_magic apache2_modules_negotiation apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_balancer apache2_modules_proxy_connect apache2_modules_proxy_ftp apache2_modules_proxy_http apache2_modules_rewrite apache2_modules_setenvif apache2_modules_speling apache2_modules_status apache2_modules_substitute apache2_modules_unique_id apache2_modules_userdir apache2_modules_usertrack apache2_modules_version apache2_modules_vhost_alias apache2_mpms_itk apache2_mpms_peruser apache2_mpms_prefork apache2_mpms_event apache2_mpms_worker
-
-~app-admin/apache-tools-2.2.10
-
-
-
-compile config install postinst preinst setup unpack
-
-
-
-
-
2  metadata/cache/www-servers/apache-2.2.11 → metadata/cache/www-servers/apache-2.2.11-r1
@@ -8,7 +8,7 @@ Apache-2.0 Apache-1.1
The Apache Web Server.
alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd
apache-2 autotools confutils eutils flag-o-matic libtool multilib portability toolchain-funcs
-sni debug doc ldap selinux ssl static suexec threads apache2_modules_actions apache2_modules_alias apache2_modules_asis apache2_modules_auth_basic apache2_modules_auth_digest apache2_modules_authn_alias apache2_modules_authn_anon apache2_modules_authn_dbd apache2_modules_authn_dbm apache2_modules_authn_default apache2_modules_authn_file apache2_modules_authz_dbm apache2_modules_authz_default apache2_modules_authz_groupfile apache2_modules_authz_host apache2_modules_authz_owner apache2_modules_authz_user apache2_modules_autoindex apache2_modules_cache apache2_modules_cern_meta apache2_modules_charset_lite apache2_modules_dav apache2_modules_dav_fs apache2_modules_dav_lock apache2_modules_dbd apache2_modules_deflate apache2_modules_dir apache2_modules_disk_cache apache2_modules_dumpio apache2_modules_env apache2_modules_expires apache2_modules_ext_filter apache2_modules_file_cache apache2_modules_filter apache2_modules_headers apache2_modules_ident apache2_modules_imagemap apache2_modules_include apache2_modules_info apache2_modules_log_config apache2_modules_log_forensic apache2_modules_logio apache2_modules_mem_cache apache2_modules_mime apache2_modules_mime_magic apache2_modules_negotiation apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_balancer apache2_modules_proxy_connect apache2_modules_proxy_ftp apache2_modules_proxy_http apache2_modules_rewrite apache2_modules_setenvif apache2_modules_speling apache2_modules_status apache2_modules_substitute apache2_modules_unique_id apache2_modules_userdir apache2_modules_usertrack apache2_modules_version apache2_modules_vhost_alias apache2_mpms_itk apache2_mpms_peruser apache2_mpms_prefork apache2_mpms_event apache2_mpms_worker
+sni debug doc ldap selinux ssl static suexec threads apache2_modules_actions apache2_modules_alias apache2_modules_asis apache2_modules_auth_basic apache2_modules_auth_digest apache2_modules_authn_alias apache2_modules_authn_anon apache2_modules_authn_dbd apache2_modules_authn_dbm apache2_modules_authn_default apache2_modules_authn_file apache2_modules_authz_dbm apache2_modules_authz_default apache2_modules_authz_groupfile apache2_modules_authz_host apache2_modules_authz_owner apache2_modules_authz_user apache2_modules_autoindex apache2_modules_cache apache2_modules_cern_meta apache2_modules_charset_lite apache2_modules_dav apache2_modules_dav_fs apache2_modules_dav_lock apache2_modules_dbd apache2_modules_deflate apache2_modules_dir apache2_modules_disk_cache apache2_modules_dumpio apache2_modules_env apache2_modules_expires apache2_modules_ext_filter apache2_modules_file_cache apache2_modules_filter apache2_modules_headers apache2_modules_ident apache2_modules_imagemap apache2_modules_include apache2_modules_info apache2_modules_log_config apache2_modules_log_forensic apache2_modules_logio apache2_modules_mem_cache apache2_modules_mime apache2_modules_mime_magic apache2_modules_negotiation apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_balancer apache2_modules_proxy_connect apache2_modules_proxy_ftp apache2_modules_proxy_http apache2_modules_rewrite apache2_modules_setenvif apache2_modules_speling apache2_modules_status apache2_modules_substitute apache2_modules_unique_id apache2_modules_userdir apache2_modules_usertrack apache2_modules_version apache2_modules_vhost_alias apache2_mpms_prefork
~app-admin/apache-tools-2.2.11
22 metadata/cache/www-servers/apache-2.2.9-r1
@@ -1,22 +0,0 @@
-apache2_modules_deflate? ( sys-libs/zlib ) =sys-devel/automake-1.10* >=sys-devel/autoconf-2.61 sys-devel/libtool dev-lang/perl =dev-libs/apr-1* =dev-libs/apr-util-1* dev-libs/libpcre ldap? ( =net-nds/openldap-2* ) selinux? ( sec-policy/selinux-apache ) ssl? ( >=dev-libs/openssl-0.9.8f ) !=www-servers/apache-1*
-apache2_modules_mime? ( app-misc/mime-types ) dev-lang/perl =dev-libs/apr-1* =dev-libs/apr-util-1* dev-libs/libpcre ldap? ( =net-nds/openldap-2* ) selinux? ( sec-policy/selinux-apache ) ssl? ( >=dev-libs/openssl-0.9.8f ) !=www-servers/apache-1*
-2
-mirror://apache/httpd/httpd-2.2.9.tar.bz2 http://dev.gentoo.org/~hollow/dist/apache/gentoo-apache-2.2.9-r1-20080829.tar.bz2
-
-http://httpd.apache.org/
-Apache-2.0 Apache-1.1
-The Apache Web Server.
-alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd
-apache-2 autotools confutils eutils flag-o-matic libtool multilib portability toolchain-funcs
-sni debug doc ldap selinux ssl static suexec threads apache2_modules_actions apache2_modules_alias apache2_modules_asis apache2_modules_auth_basic apache2_modules_auth_digest apache2_modules_authn_alias apache2_modules_authn_anon apache2_modules_authn_dbd apache2_modules_authn_dbm apache2_modules_authn_default apache2_modules_authn_file apache2_modules_authz_dbm apache2_modules_authz_default apache2_modules_authz_groupfile apache2_modules_authz_host apache2_modules_authz_owner apache2_modules_authz_user apache2_modules_autoindex apache2_modules_cache apache2_modules_cern_meta apache2_modules_charset_lite apache2_modules_dav apache2_modules_dav_fs apache2_modules_dav_lock apache2_modules_dbd apache2_modules_deflate apache2_modules_dir apache2_modules_disk_cache apache2_modules_dumpio apache2_modules_env apache2_modules_expires apache2_modules_ext_filter apache2_modules_file_cache apache2_modules_filter apache2_modules_headers apache2_modules_ident apache2_modules_imagemap apache2_modules_include apache2_modules_info apache2_modules_log_config apache2_modules_log_forensic apache2_modules_logio apache2_modules_mem_cache apache2_modules_mime apache2_modules_mime_magic apache2_modules_negotiation apache2_modules_proxy apache2_modules_proxy_ajp apache2_modules_proxy_balancer apache2_modules_proxy_connect apache2_modules_proxy_ftp apache2_modules_proxy_http apache2_modules_rewrite apache2_modules_setenvif apache2_modules_speling apache2_modules_status apache2_modules_substitute apache2_modules_unique_id apache2_modules_userdir apache2_modules_usertrack apache2_modules_version apache2_modules_vhost_alias apache2_mpms_itk apache2_mpms_peruser apache2_mpms_prefork apache2_mpms_event apache2_mpms_worker
-
-~app-admin/apache-tools-2.2.9
-
-
-
-compile config install postinst preinst setup unpack
-
-
-
-
-
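--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -1,5 +1,13 @@
 # This file requires >=portage-2.1.1
+# Daniel Robbins <drobbins@funtoo.org> (27 Jun 2009)
+# To address apache slowloris DOS:
+# http://ha.ckers.org/blog/20090617/slowloris-http-dos/
+# I am masking all vulnerable MPMs, only prefork is
+# protected in apache-2.2.11-r1 in funtoo.
+
+www-servers/apache threads apache2_mpms_itk apache2_mpms_peruser apache2_mpms_event apache2_mpms_worker
+
 # Thomas Anderson <gentoofan23@gentoo.org> (17 Jun 2009)
 # app-misc/iguanaIR is p.masked so lirc_devices_iguana
 # needs to get masked for app-misc/lirc.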
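Review bot: The mask line `www-servers/apache threads apache2_mpms_itk ...` uses an unversioned atom, so these flags stay masked for every later apache version, including any that ship a fix for the other MPMs. Bounding it, e.g. `<=www-servers/apache-2.2.11-r1 threads apache2_mpms_itk apache2_mpms_peruser apache2_mpms_event apache2_mpms_worker`, or adding a comment line that states when the mask may be dropped, keeps it from outliving the problem. The comment also calls prefork "protected"; judging by the patch added in this commit, which shortens read timeouts as load rises, "mitigated" would set expectations more accurately.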
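--- a/www-servers/apache/ChangeLog
+++ b/www-servers/apache/ChangeLog
@@ -2,6 +2,12 @@
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/www-servers/apache/ChangeLog,v 1.104 2009/05/02 13:29:36 jer Exp $
+ 27 Jun 2009; Daniel Robbins <drobbins@funtoo.org> apache-2.2.11-r1.ebuild:
+ Applying anti-slowloris patch to address slowloris DOS, see
+ http://ha.ckers.org/blog/20090617/slowloris-http-dos/ . Disabling everything
+ but prefork MPM, as this is the only MPM fixed by the patch. Removing older
+ versions.
+
 02 May 2009; Jeroen Roovers <jer@gentoo.org> apache-2.2.11.ebuild:
 Stable for HPPA (bug #265705).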
11 www-servers/apache/Manifest
@@ -1,11 +1,6 @@
-DIST gentoo-apache-2.2.10-20081025.tar.bz2 60296 RMD160 bc6d9e05a5924cf104e0a07b18ab6c9da526a1dc SHA1 f3ea7bda13b57b9f622890b2d9288cb096472a96 SHA256 e7704ac9a645bb722d8063735c7de17a4041d76cc72244fc928a0a5ad1ee1ccd
+AUX 2.2.11-r1/anti-slowloris.diff 3860 RMD160 56757e7888968bb1e31a36bd1f1df950e179cd5c SHA1 df30b650aba257dcbbe6cd0878b336452afa3244 SHA256 35c22733be26be0d7a8856187a93ca880cd51ae11cd3a7fff18fb3d94147e660
DIST gentoo-apache-2.2.11-20090101.tar.bz2 60721 RMD160 2a2342bcff3778f44ecb148c333da49f71b5ed57 SHA1 6bb963fa73bf2c26d89dc6b808454d1541f103db SHA256 88a24a6e600024386db5cfd704b11cd7a408ba6ef067a2ffe2dc0923993149ca
-DIST gentoo-apache-2.2.9-r1-20080829.tar.bz2 60376 RMD160 0133e1d06417079f10941f52ef839c05b242d634 SHA1 fdeed5aea3a34fcd5b138612e0e58496dd4f9820 SHA256 6f8724a61e5c304b8f16e5d07a71adeece63511bd976aaee6e191d59fed24324
-DIST httpd-2.2.10.tar.bz2 5068069 RMD160 30f240222a775efa14b104a2b8df1e1dc65f4b8a SHA1 3a71f4904e359603c3338b07a1178ddfacfaa8c6 SHA256 681d5787288e4e527877f415acce198be96ce7de0dc6e354646b1df4aae21383
DIST httpd-2.2.11.tar.bz2 5230130 RMD160 b2012af716a459f666e0e41eb04808bd0f7fc28d SHA1 7af256d53b79342f82222bd7b86eedbd9ac21d9a SHA256 5ce34825c5b84d1808605a22f8d16d44c6f91882a538bb98a3affed8f5dff6fe
-DIST httpd-2.2.9.tar.bz2 4943462 RMD160 8fd62ae78271aa0ded6ba2f5bfeea8c63b79060a SHA1 71715d81e7a5ace4499803df7369c78b85251083 SHA256 d76599fbcf8b3bcff2779f880fb10e4a2bc4af60f64232083c06863e40850b61
-EBUILD apache-2.2.10.ebuild 2753 RMD160 36530781b03b69fb9070b5c67167493b1485c064 SHA1 c8c4d0bec50458f4f2c97c7d40cf76d52d58bd6c SHA256 3af230e5164379449a8a03953f7deeb7296b9cba82d6bdcb1844a66d05b67535
-EBUILD apache-2.2.11.ebuild 2749 RMD160 5ac59a07e2758e753aebfe803bb60f788823fed4 SHA1 8e0a285496f1a0c427461dc6bf418867cf497832 SHA256 5138ff239264ce12d10afcbd3bcd23dba7d2de379e40b2317c66ff06a8768466
-EBUILD apache-2.2.9-r1.ebuild 2754 RMD160 39933201be3e40daf3c7b1b903bda3424b16b3e9 SHA1 aac23bb3fd4bd5101c9eb9becfb0d872f3b31a75 SHA256 bb3bcce3aa230379298915588504dd28c00aab4e444ee1c3aa7d12c161902f9b
-MISC ChangeLog 106677 RMD160 eb522e5389f8f70c787fab98f10c78956d2627bf SHA1 0aa3b96ee33fd6fa8692db4dcace66ae68044675 SHA256 3b57cbcba45f6b84c424271a31faeef14a5674b017c491d64ad174fe9cd9764d
+EBUILD apache-2.2.11-r1.ebuild 2815 RMD160 094dd8b25064188c15cd3839bfcca3c5ba60058a SHA1 8be9755d714deef6b61dbeb7300430ba3739377b SHA256 9c1dc85dba33d3b32da0b96a3b99be368b94db3b651c5f8a146c8d7c0aadf205
+MISC ChangeLog 106987 RMD160 8de017558085f7e50ef5256bf7f6c2586153c033 SHA1 25c76c7c0e741bd1c777f8b5ec95f5558ce55d04 SHA256 1303757eb80ffd073f6fd4bee975d20e31433264325e9d1a073e12b02f0682d9
MISC metadata.xml 707 RMD160 677af9851f39ffbce95448b9dcca095ec30724a1 SHA1 8354b35e30c99bda1312ed0c2a0cdb630c8a17ff SHA256 dd3c8b528c6623fd9d9ab521471c5b6d775fb78fdd00f1b200b18b6ee95e150d
110 www-servers/apache/apache-2.2.10.ebuild
@@ -1,110 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.10.ebuild,v 1.7 2009/01/23 11:29:41 armin76 Exp $
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20081025"
-GENTOO_DEVELOPER="hollow"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
-
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
-charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache dumpio env expires
-ext_filter file_cache filter headers ident imagemap include info log_config
-log_forensic logio mem_cache mime mime_magic negotiation proxy proxy_ajp
-proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif speling
-status substitute unique_id userdir usertrack version vhost_alias"
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
- dav_fs:dav
- dav_lock:dav
- deflate:filter
- disk_cache:cache
- ext_filter:filter
- file_cache:cache
- log_forensic:log_config
- logio:log_config
- mem_cache:cache
- mime_magic:mime
- proxy_ajp:proxy
- proxy_balancer:proxy
- proxy_connect:proxy
- proxy_ftp:proxy
- proxy_http:proxy
- substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
- auth_digest:AUTH_DIGEST
- authnz_ldap:AUTHNZ_LDAP
- cache:CACHE
- dav:DAV
- dav_fs:DAV
- dav_lock:DAV
- disk_cache:CACHE
- file_cache:CACHE
- info:INFO
- ldap:LDAP
- mem_cache:CACHE
- proxy:PROXY
- proxy_ajp:PROXY
- proxy_balancer:PROXY
- proxy_connect:PROXY
- proxy_ftp:PROXY
- proxy_http:PROXY
- ssl:SSL
- status:STATUS
- suexec:SUEXEC
- userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
- authz_host
- dir
- mime
-"
-
-inherit apache-2
-
-DESCRIPTION="The Apache Web Server."
-HOMEPAGE="http://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
-IUSE="sni"
-
-DEPEND="${DEPEND}
- apache2_modules_deflate? ( sys-libs/zlib )"
-
-RDEPEND="${RDEPEND}
- apache2_modules_mime? ( app-misc/mime-types )"
-
-src_unpack() {
- if ! use sni ; then
- EPATCH_EXCLUDE="04_all_mod_ssl_tls_sni.patch"
- fi
-
- apache-2_src_unpack
-}
-
-pkg_preinst() {
- # note regarding IfDefine changes
- if has_version "<${CATEGORY}/${PN}-2.2.6-r1"; then
- elog
- elog "When upgrading from versions 2.2.6 or earlier, please be aware"
- elog "that the define for mod_authnz_ldap has changed from AUTH_LDAP"
- elog "to AUTHNZ_LDAP. Additionally mod_auth_digest needs to be enabled"
- elog "with AUTH_DIGEST now."
- elog
- fi
-}
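--- a/www-servers/apache/apache-2.2.11.ebuild
+++ b/www-servers/apache/apache-2.2.11-r1.ebuild
@@ -5,10 +5,11 @@
 # latest gentoo apache files
 GENTOO_PATCHSTAMP="20090101"
 GENTOO_DEVELOPER="hollow"
+GENTOO_PATCHNAME="gentoo-apache-2.2.11"
 # IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
+IUSE_MPMS_FORK="prefork"
+IUSE_MPMS_THREAD=""
 IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
 authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
@@ -95,6 +96,7 @@ src_unpack() {
 fi
 apache-2_src_unpack
+ epatch ${FILESDIR}/2.2.11-r1/anti-slowloris.diff
 }
 pkg_preinst() {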
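Review bot: The new `IUSE_MPMS_FORK="prefork"` and `IUSE_MPMS_THREAD=""` lines carry no comment saying why the other MPMs were dropped, so a later version bump could restore them even though the patch does not cover them. Add `# only prefork is covered by files/2.2.11-r1/anti-slowloris.diff; do not re-add other MPMs until they are patched` above them. In `src_unpack`, `${FILESDIR}` is unquoted; `epatch "${FILESDIR}"/2.2.11-r1/anti-slowloris.diff` avoids word splitting on an unusual path. Users who had an itk, peruser, event or worker MPM selected will presumably end up on prefork after the upgrade, so an `elog` in `pkg_preinst` (whose body continues outside the hunk) telling them to re-check their MPM tuning would be useful.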
110 www-servers/apache/apache-2.2.9-r1.ebuild
@@ -1,110 +0,0 @@
-# Copyright 1999-2008 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/apache/apache-2.2.9-r1.ebuild,v 1.8 2008/11/05 00:41:50 vapier Exp $
-
-# latest gentoo apache files
-GENTOO_PATCHSTAMP="20080829"
-GENTOO_DEVELOPER="hollow"
-
-# IUSE/USE_EXPAND magic
-IUSE_MPMS_FORK="itk peruser prefork"
-IUSE_MPMS_THREAD="event worker"
-
-IUSE_MODULES="actions alias asis auth_basic auth_digest authn_alias authn_anon
-authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default
-authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta
-charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache dumpio env expires
-ext_filter file_cache filter headers ident imagemap include info log_config
-log_forensic logio mem_cache mime mime_magic negotiation proxy proxy_ajp
-proxy_balancer proxy_connect proxy_ftp proxy_http rewrite setenvif speling
-status substitute unique_id userdir usertrack version vhost_alias"
-
-# inter-module dependencies
-# TODO: this may still be incomplete
-MODULE_DEPENDS="
- dav_fs:dav
- dav_lock:dav
- deflate:filter
- disk_cache:cache
- ext_filter:filter
- file_cache:cache
- log_forensic:log_config
- logio:log_config
- mem_cache:cache
- mime_magic:mime
- proxy_ajp:proxy
- proxy_balancer:proxy
- proxy_connect:proxy
- proxy_ftp:proxy
- proxy_http:proxy
- substitute:filter
-"
-
-# module<->define mappings
-MODULE_DEFINES="
- auth_digest:AUTH_DIGEST
- authnz_ldap:AUTHNZ_LDAP
- cache:CACHE
- dav:DAV
- dav_fs:DAV
- dav_lock:DAV
- disk_cache:CACHE
- file_cache:CACHE
- info:INFO
- ldap:LDAP
- mem_cache:CACHE
- proxy:PROXY
- proxy_ajp:PROXY
- proxy_balancer:PROXY
- proxy_connect:PROXY
- proxy_ftp:PROXY
- proxy_http:PROXY
- ssl:SSL
- status:STATUS
- suexec:SUEXEC
- userdir:USERDIR
-"
-
-# critical modules for the default config
-MODULE_CRITICAL="
- authz_host
- dir
- mime
-"
-
-inherit apache-2
-
-DESCRIPTION="The Apache Web Server."
-HOMEPAGE="http://httpd.apache.org/"
-
-# some helper scripts are Apache-1.1, thus both are here
-LICENSE="Apache-2.0 Apache-1.1"
-SLOT="2"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd"
-IUSE="sni"
-
-DEPEND="${DEPEND}
- apache2_modules_deflate? ( sys-libs/zlib )"
-
-RDEPEND="${RDEPEND}
- apache2_modules_mime? ( app-misc/mime-types )"
-
-src_unpack() {
- if ! use sni ; then
- EPATCH_EXCLUDE="04_all_mod_ssl_tls_sni.patch"
- fi
-
- apache-2_src_unpack
-}
-
-pkg_preinst() {
- # note regarding IfDefine changes
- if has_version "<${CATEGORY}/${PN}-2.2.6-r1"; then
- elog
- elog "When upgrading from versions 2.2.6 or earlier, please be aware"
- elog "that the define for mod_authnz_ldap has changed from AUTH_LDAP"
- elog "to AUTHNZ_LDAP. Additionally mod_auth_digest needs to be enabled"
- elog "with AUTH_DIGEST now."
- elog
- fi
-}
112 www-servers/apache/files/2.2.11-r1/anti-slowloris.diff
@@ -0,0 +1,112 @@
+diff --git a/include/scoreboard.h b/include/scoreboard.h
+index bf43cd3..75a2e1f 100644
+--- a/include/scoreboard.h
++++ b/include/scoreboard.h
+@@ -138,6 +138,7 @@ typedef struct {
+ */
+ apr_time_t restart_time;
+ int lb_limit;
++ unsigned short load_percentage;
+ } global_score;
+
+ /* stuff which the parent generally writes and the children rarely read */
+diff --git a/server/mpm/prefork/prefork.c b/server/mpm/prefork/prefork.c
+index 3849c22..21130bd 100644
+--- a/server/mpm/prefork/prefork.c
++++ b/server/mpm/prefork/prefork.c
+@@ -836,6 +836,18 @@ static void perform_idle_server_maintenance(apr_pool_t *p)
+ last_non_dead = i;
+ }
+ }
++
++ {
++ unsigned short load_percentage = (100 * (total_non_dead - idle_count)) / total_non_dead;
++
++ if (load_percentage != ap_scoreboard_image->global->load_percentage) {
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++ "changing load percentage from %u to %u (total non dead = %u, idle count = %u)",
++ ap_scoreboard_image->global->load_percentage, load_percentage, total_non_dead, idle_count);
++ ap_scoreboard_image->global->load_percentage = load_percentage;
++ }
++ }
++
+ ap_max_daemons_limit = last_non_dead + 1;
+ if (idle_count > ap_daemons_max_free) {
+ /* kill off one child... we use the pod because that'll cause it to
+diff --git a/server/protocol.c b/server/protocol.c
+index e5b2e03..49f1888 100644
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -834,6 +834,36 @@ AP_DECLARE(void) ap_get_mime_headers(request_rec *r)
+ apr_brigade_destroy(tmp_bb);
+ }
+
++static apr_interval_time_t adjust_timeout(apr_interval_time_t timeout) {
++ unsigned int percentage = ap_scoreboard_image->global->load_percentage;
++
++ if (percentage <= 50) {
++ return timeout;
++ }
++ if (percentage <= 60) {
++ return timeout / 2;
++ }
++ if (percentage <= 70) {
++ return timeout / 4;
++ }
++ if (percentage <= 80) {
++ return timeout / 8;
++ }
++ if (percentage <= 90) {
++ return timeout / 16;
++ }
++ if (percentage <= 95) {
++ return timeout / 32;
++ }
++ if (percentage <= 97) {
++ return 1000000; // one second in microseconds
++ }
++ if (percentage <= 99) {
++ return 500000; // half second
++ }
++ return 100000; // 0.1 seconds
++}
++
+ request_rec *ap_read_request(conn_rec *conn)
+ {
+ request_rec *r;
+@@ -843,6 +873,7 @@ request_rec *ap_read_request(conn_rec *conn)
+ apr_bucket_brigade *tmp_bb;
+ apr_socket_t *csd;
+ apr_interval_time_t cur_timeout;
++ apr_interval_time_t adj_timeout;
+
+ apr_pool_create(&p, conn->pool);
+ apr_pool_tag(p, "request");
+@@ -909,9 +940,10 @@ request_rec *ap_read_request(conn_rec *conn)
+ */
+ csd = ap_get_module_config(conn->conn_config, &core_module);
+ apr_socket_timeout_get(csd, &cur_timeout);
+- if (cur_timeout != conn->base_server->timeout) {
+- apr_socket_timeout_set(csd, conn->base_server->timeout);
+- cur_timeout = conn->base_server->timeout;
++ adj_timeout = adjust_timeout(conn->base_server->timeout);
++ if (cur_timeout != adj_timeout) {
++ apr_socket_timeout_set(csd, adj_timeout);
++ cur_timeout = adj_timeout;
+ }
+
+ if (!r->assbackwards) {
+@@ -967,9 +999,10 @@ request_rec *ap_read_request(conn_rec *conn)
+ /* Toggle to the Host:-based vhost's timeout mode to fetch the
+ * request body and send the response body, if needed.
+ */
+- if (cur_timeout != r->server->timeout) {
+- apr_socket_timeout_set(csd, r->server->timeout);
+- cur_timeout = r->server->timeout;
++ adj_timeout = adjust_timeout(r->server->timeout);
++ if (cur_timeout != adj_timeout) {
++ apr_socket_timeout_set(csd, adj_timeout);
++ cur_timeout = adj_timeout;
+ }
+
+ /* we may have switched to another server */
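Review bot: In the prefork.c hunk, `(100 * (total_non_dead - idle_count)) / total_non_dead` divides by zero whenever the maintenance pass finds no live children, which is undefined behaviour and on common platforms would kill the process running the maintenance loop. Guard it with `unsigned short load_percentage = total_non_dead ? (100 * (total_non_dead - idle_count)) / total_non_dead : 0;` (both counters are declared outside the hunk, so their types are assumed to be `int`). The same block logs every percentage change at `APLOG_NOTICE`, so a connection flood also becomes a steady stream of error-log lines; `APLOG_DEBUG` would fit better. In protocol.c the second `adjust_timeout()` call sets the timeout that, per the comment just above it, is also used to fetch the request body and send the response, so at high load legitimate slow transfers are cut off at 0.1–1 s along with slow-header clients. The three fixed tiers are not clamped to the configured value either, so a `Timeout` shorter than one second is lengthened at 96–99% load; `return timeout < 1000000 ? timeout : 1000000;` (and likewise for the other two) keeps the result within the administrator's setting.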