by jsnell 989 days ago
> But that doesn't limit number of simultaneous connections from a single IP address.

Opening new connections is relatively expensive compared to sending data on an existing connection.

> In my thinking, as soon as the request is reset, the server resources are expected to be freed,

You can't claw back the CPU resources that have already been spent on processing the request before it was cancelled.

> By request flood I mean, request flood, as in sending insanely high number of requests per unit of time (second) to the target server to cause exhaustion of its resources.

Right. And how do you send an insanely high number of requests? What if you could send more?

Imagine the largest attack you could do by "sending an insanely high number of requests" with HTTP/1.1 with a given set of machine and network resources. With H/2 multiplexing you could do 100x that. With this attack, another 10x on top of that.
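
An added example, not part of the comment above: a server-side view of why cancelled requests still count, written as a per-connection cancel budget over a constructed frame log. The event names, thresholds and the `review_frames` / `sample_frames` helpers are assumptions made for illustration, not any server's actual implementation.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000   # assumed sliding window
MAX_CANCELS = 20   # assumed client cancels tolerated per connection per window

def review_frames(frames):
    """frames: (time_ms, conn_id, event, stream_id) tuples in arrival order.
    Event names are simplified; END_STREAM stands for a response completing.
    Returns (flagged, work): when each connection was cut off, and how many
    requests the server had already started processing on it."""
    open_streams = defaultdict(set)
    cancels = defaultdict(deque)
    work = defaultdict(int)
    flagged = {}
    for t, conn, event, sid in frames:
        if conn in flagged:
            continue                      # server has already closed this connection
        if event == "HEADERS":
            open_streams[conn].add(sid)
            work[conn] += 1               # cost is paid here; a later reset refunds nothing
        elif event == "END_STREAM":
            open_streams[conn].discard(sid)
        elif event == "RST_STREAM" and sid in open_streams[conn]:
            open_streams[conn].discard(sid)
            recent = cancels[conn]
            recent.append(t)
            while t - recent[0] > WINDOW_MS:
                recent.popleft()
            if len(recent) > MAX_CANCELS:
                flagged[conn] = t
    return flagged, dict(work)

def sample_frames():
    """Constructed input: connection A cancels every request at once,
    connection B cancels one request in ten."""
    frames = []
    for i in range(200):
        frames += [(i, "A", "HEADERS", 2 * i + 1), (i, "A", "RST_STREAM", 2 * i + 1)]
    for i in range(50):
        end = "RST_STREAM" if i % 10 == 0 else "END_STREAM"
        frames += [(i * 100, "B", "HEADERS", 2 * i + 1), (i * 100 + 50, "B", end, 2 * i + 1)]
    return sorted(frames, key=lambda f: f[0])

if __name__ == "__main__":
    print(review_frames(sample_frames()))
```

Connection A is cut off on its 21st cancel, but the 21 requests it opened before that point were already charged; connection B's occasional cancels stay under the budget.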