Return-Path:
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 15518 invoked by uid 6000); 1 Jan 1998 06:04:06 -0000
Received: (qmail 15512 invoked from network); 1 Jan 1998 06:04:05 -0000
Received: from valis.worldgate.com (marcs@198.161.84.2) by taz.hyperreal.org with SMTP; 1 Jan 1998 06:04:05 -0000
Received: from localhost (marcs@localhost) by valis.worldgate.com (8.8.7/8.8.7) with SMTP id XAA14284 for ; Wed, 31 Dec 1997 23:04:03 -0700 (MST)
Date: Wed, 31 Dec 1997 23:04:03 -0700 (MST)
From: Marc Slemko
To: Apache - BYOC
Subject: worth fixing "read headers forever" issue?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

In PR1028, Dean doesn't really seem to think that one-off fixes for things like this are the way to go. I could agree, but don't see anything changing right now.

This particular issue of reading request headers forever is easy to fix; just add a counter to get_mime_headers that only allows it to read xxx bytes. I am thinking it is worth it even though it requires x bytes of bandwidth to require the server to grow x bytes.

Memory attacks are easier to do some generic limiting on via the pools mechanism Dean suggests. CPU or disk eating things are hard to do that way, and I am doubtful that rlimits can be used usefully.

What would be cool to see (and I would like to play with if I worked at a large web hosting company...) is changes that make it very difficult for hits on any one part (be it userdir, virtual domain, etc.) of the docspace to impact other parts while still using the same pool of servers.
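
One way to implement the counter described in the message above, as an added example that is not Apache's code and not part of the original post: a reader that keeps a cumulative byte count across every chunk of the header block and refuses the request once the cap is hit. The names hdr_reader_init and hdr_reader_feed, the 8192-byte limit, and the padding header are assumptions made for illustration.

```c
/* Added illustration, not Apache source: a cumulative byte cap on the
 * request-header block, fed chunk by chunk as data arrives. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum hdr_status { HDR_OK, HDR_INCOMPLETE, HDR_TOO_LARGE };
struct hdr_reader {
    size_t limit;     /* max bytes accepted for the whole header block */
    size_t consumed;  /* bytes accepted so far, across all chunks */
    size_t nlines;    /* non-empty header lines seen */
    size_t line_len;  /* length of the current line, CR/LF excluded */
    int done;         /* set once the terminating blank line is seen */
};

void hdr_reader_init(struct hdr_reader *r, size_t limit)
{
    memset(r, 0, sizeof *r);
    r->limit = limit;
}

enum hdr_status hdr_reader_feed(struct hdr_reader *r, const char *buf, size_t len)
{
    for (size_t i = 0; i < len && !r->done; i++) {
        if (r->consumed >= r->limit) return HDR_TOO_LARGE; /* reject, close */
        r->consumed++;
        if (buf[i] == '\r') continue;
        if (buf[i] != '\n') { r->line_len++; continue; }
        if (r->line_len == 0)
            r->done = 1;            /* blank line: end of headers */
        else
            r->nlines++;
        r->line_len = 0;
    }
    return r->done ? HDR_OK : HDR_INCOMPLETE;
}

int main(void)
{
    /* Constructed input: a client repeating one padding header forever. */
    const char *pad = "X-Pad: aaaaaaaaaaaaaaaaaaaaaaaa\r\n";
    struct hdr_reader r;
    enum hdr_status s = HDR_INCOMPLETE;
    hdr_reader_init(&r, 8192);      /* 8192 is an assumed limit */
    while (s == HDR_INCOMPLETE)
        s = hdr_reader_feed(&r, pad, strlen(pad));
    printf("status=%d after %zu bytes, %zu lines\n", (int)s, r.consumed, r.nlines);
    return s == HDR_TOO_LARGE ? 0 : 1;
}
```

Because the count is kept per request rather than per line, many short header lines hit the same cap as one very long line.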