httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dimitri Rebrikov <>
Subject Re: ap_get_client_block blocks in Apache 1.3
Date Wed, 09 Apr 2003 13:41:19 GMT
Graham Leggett wrote:
> That's extremely broken - get your partner to fix their software, as it 
> won't work properly with any webserver, not just apache.

I know that such requests aren't conform and i don't expect that they be
processed correctly. But is it not a vulnerability point if such (broken)
clients can block my apache-processes for indefinite amount of time and
finally (if many) paralyse my system.

I expect that such requests be kicked out after defined timeout
(f.e. timeout-Parameter in httpd.conf).


View raw message