[Zope] kill LONG request and manage_main DoS?

Jaroslav Lukesh lukesh at seznam.cz
Tue Dec 9 03:29:36 EST 2003


> From: Dieter Maurer <dieter at handshake.de>
> Python grew only in version 2.3 the possibility to affect
> a running thread. Version 2.3 provides a C level API to
> raise an exception in a different thread.
> This is not always able to affect the thread (e.g. when it waits
> in a C level extension, it will not be affected) but usually, it does.
> 
> Before Python 2.3, there is no such chance (and therefore, Zope does
> not implement something like this).

Many thanks for the nice explanation.
 
> >I don't want to
> >restart my zope server.
> 
> Almost surely, you will need to...
> Unless, you let your request run forever...

I restarted my Zope a while ago. I checked the debug page for
connections, and after I saw only my own connections I clicked restart :o)...
and Zope works OK again. So I think that customers don't see this little
drop-out.

But as a potential DoS attack - does anybody else see this behavior?

* go to URL: http://server/dtml_document/manage_main over a slow (modem)
connection
* wait for the request to be sent, but BEFORE the login form is displayed, disconnect
* look at the Linux server "top" command: one of the python tasks consumes nearly
100% forever...

I have a firewall (HW based with NAT to my machine, I don't manage it) and
a Pound 1.4 proxy in front of Zope, which is configured as:

ExtendedHTTP 1
WebDAV 1
UrlGroup ".*"
BackEnd 127.0.0.1,8080,1
EndGroup

Could this situation come from pound+Zope interaction?

Many thanks,

J. Lukesh
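
The mechanism described in the quoted reply (a C-level API for raising an exception in a different thread, which does not reach a thread waiting inside a C-level call), shown as an added example that is not part of the original message or of Zope. It assumes a current Python 3 with ctypes and calls PyThreadState_SetAsyncExc; RequestTimeout, async_raise, run_with_deadline and the two constructed workers are hypothetical names.

```python
import ctypes
import threading
import time


class RequestTimeout(Exception):
    """Hypothetical exception injected into a worker that overran its deadline."""


def async_raise(thread_id, exc_type):
    """Schedule exc_type in another thread; True if one thread was targeted."""
    set_exc = ctypes.pythonapi.PyThreadState_SetAsyncExc
    hit = set_exc(ctypes.c_ulong(thread_id), ctypes.py_object(exc_type))
    if hit > 1:  # should never happen: revert the request and report it
        set_exc(ctypes.c_ulong(thread_id), None)
        raise SystemError("async exception hit more than one thread")
    return hit == 1


def run_with_deadline(target, deadline, grace=0.5):
    """Run target in a worker; returns 'finished', 'killed' or 'stuck'."""
    outcome = {}

    def worker():
        try:
            target()
            outcome["status"] = "finished"
        except RequestTimeout:
            outcome["status"] = "killed"

    t = threading.Thread(target=worker, daemon=True)
    t.start()
    t.join(deadline)
    if t.is_alive():
        async_raise(t.ident, RequestTimeout)
        t.join(grace)  # delivery only happens while the thread runs bytecode
    return "stuck" if t.is_alive() else outcome.get("status", "error")


def spin():  # constructed stand-in for a request looping in Python code
    n = 0
    while True:
        n += 1


def blocked_in_c():  # constructed stand-in for a request waiting in a C call
    time.sleep(2.0)


if __name__ == "__main__":
    print(run_with_deadline(spin, 0.2))          # loop in bytecode: interruptible
    print(run_with_deadline(blocked_in_c, 0.2))  # C-level wait: not affected
```

A "stuck" result means the exception is still pending and will only be raised once the C call returns, so a watchdog built this way needs a fallback such as a process restart.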


