httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: mod_auth-any/1672: Authentication / .htaccess DoS attack (fwd)
Date Wed, 14 Jan 1998 22:58:06 GMT
On Wed, 14 Jan 1998, Brian Behlendorf wrote:

> I'm not yet ready to throw in the towel and say "we can't protect against
> internal users causing the machine to slow to a crawl and die" - I think we
> can take each case, especially the really cute ones like this, and do some
> sort of workaround.
> 
> I don't understand why there's the sentiment that we need to do a stat()
> everywhere - wouldn't hardcoding the equivalent of 

/dev isn't the only problem though.

named pipe.

symbolic link.

etc, etc.

Also, it is not the files being requested we are limiting, but other files
(eg. htaccess) files that need to be restricted.  There is no method of
doing so right now.


Mime
View raw message