httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: YA Apache DoS attack
Date Fri, 07 Aug 1998 23:57:49 GMT
I'm just thinking that limited pools may be useful in a more general
sense in other areas.

16k would, for example, be way too low.  Setting a good limit is hard, but
I guess it can be configurable.

On Fri, 7 Aug 1998, Dean Gaudet wrote:

> On Fri, 7 Aug 1998, Marc Slemko wrote:
> 
> > How hard would it be to make a new pool for stuff like this and add the
> > ability to limit the size of a pool?  Would that be useful?  Could we pick
> > a limit that isn't braindead and isn't too big?  etc.
> 
> If you're going to limit the size of the pool then you may as well just
> read a limited amount from the client, and consider anything longer than
> that to be broken.
> 
> i.e. if \r\n\r\n doesn't appear in the first 16k, then tough. 
> 
> Dean
> 
> 
> 


Mime
View raw message