Torture-Testing Web Servers
The Dark Side of Perl
By Lincoln D. Stein
A few years ago I wrote a small Perl script called "torture.pl" whose purpose in life is to inflict pain and suffering on hapless Web servers. It sends servers increasing amounts of random data at increasingly short intervals until they either crash or slow down to the point of unusability. In other words, the script launches a denial-of-service attack on Web servers.
Before you call the cops and have me dragged off to the special prosecutor's office, let me explain. This script has two legitimate functions. First, it can be used to test the speed and responsiveness of a Web server. Second, the script can be used to test the stability and reliability of a particular Web server. (For more testing tools, see the
sidebar.)
When you use it for performance testing, you can measure the speed and response time of your Web servers, CGI scripts, and other Web enhancements. Although torture.pl isn't rigorously normalized for cross-server comparisons the way some benchmarks are, it's good for measuring changes on a single Web server. Worried about the performance impact of a configuration change? Just run the test before and after the change to measure its effects.
When used in torture-testing mode, torture.pl sends large amounts of data to a server, trying to make it crash. If a server, CGI script, module, or template processor can't handle large amounts of data, then it's not particularly well written and might even contain security holes.<>
