httpd-dev mailing list archives

From Rici Lake
Subject Re: readTrivial enhancement request
Date Wed, 08 Sep 2004 15:47:41 GMT

On 6-Sep-04, at 10:37 AM, Ivan Ristic wrote:

> [ The request is trivial to implement (at least I think so),
>   but the feature itself is very important. ]

Perhaps I don't understand the request, but wouldn't it be
straightforward for a module like mod_security to implement
this feature by using one of the connection hooks, perhaps
create_connection? Or even by registering an input filter
at the beginning of the chain?

I'm assuming that the kind of DoS attacks you are looking for
include, for example, sending request lines one octet at a time,
and that the intent is to trigger only on the first
request in a persistent connection, although conceivably it
would be a good idea to start a timeout when the first byte of
a subsequent request line comes in, in case the denial of
service attack is even more subtle. Reporting timeouts in
between requests in a persistent connection would trigger
the warning in normal operation with a compliant browser,
which is presumably undesirable.
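
The timing rule discussed in this message, as an added example (not code from the thread, from mod_security or from httpd): the clock starts at the first byte of a request line and stays off while a persistent connection sits idle between requests. The type and function names, the sample reads and the 5-second limit used with them are constructed for illustration, and requests are assumed to carry no body.

```c
#include <string.h>

enum phase { IDLE, REQUEST_LINE, HEADERS };
struct line_timer {
    enum phase phase;
    long started_ms;  /* arrival time of the first byte of the request line */
    long limit_ms;    /* allowed time from that byte to the end of the line */
    int prev_nl;      /* previous byte (ignoring CR) ended a line */
};
struct read_event { long t_ms; const char *data; };  /* one socket read */

/* Overdue only inside a request line; idle time between requests never counts. */
int lt_expired(const struct line_timer *lt, long now_ms) {
    return lt->phase == REQUEST_LINE && now_ms - lt->started_ms > lt->limit_ms;
}

/* Consume bytes read at now_ms; returns 1 if the line was already overdue. */
int lt_feed(struct line_timer *lt, long now_ms, const char *buf, size_t len) {
    if (lt_expired(lt, now_ms)) return 1;
    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (c == '\r') continue;
        if (lt->phase == IDLE && c != '\n') {
            lt->phase = REQUEST_LINE;      /* first byte: start the clock */
            lt->started_ms = now_ms;
        } else if (lt->phase == REQUEST_LINE && c == '\n') {
            lt->phase = HEADERS;           /* request line complete: clock off */
        } else if (lt->phase == HEADERS && c == '\n' && lt->prev_nl) {
            lt->phase = IDLE;              /* blank line ends the request */
        }
        lt->prev_nl = (c == '\n');
    }
    return 0;
}

/* Index of the first read at which a request line was overdue, or -1. */
int first_slow_read(const struct read_event *ev, size_t n, long limit_ms) {
    struct line_timer lt = { IDLE, 0, limit_ms, 0 };
    for (size_t i = 0; i < n; i++)
        if (lt_feed(&lt, ev[i].t_ms, ev[i].data, strlen(ev[i].data))) return (int)i;
    return -1;
}

/* Constructed samples: a 60 s keep-alive gap, then a trickled second line. */
#define REQ "GET / HTTP/1.1\r\nHost: a\r\n\r\n"
const struct read_event keepalive[] = { {0, REQ}, {60000, REQ} };
const struct read_event trickle[] = { {0, REQ}, {60000, "G"}, {63000, "E"}, {66000, "T"} };
```

A real module would also call `lt_expired` from its poll or timeout path, since a client that simply stops sending produces no further read to check against.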

