httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: mod_auth-any/1672: Authentication / .htaccess DoS attack (fwd)
Date Wed, 14 Jan 1998 22:55:27 GMT
I'm not yet ready to throw in the towel and say "we can't protect against
internal users causing the machine to slow to a crawl and die" - I think we
can take each case, especially the really cute ones like this, and do some
sort of workaround.

I don't understand why there's the sentiment that we need to do a stat()
everywhere - wouldn't hardcoding the equivalent of 

<Directory /dev>
deny from all

be sufficient?  Or are we trying to do this outside of mod_access?


specialization is for insects

View raw message