httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: Limiting response body length
Date Tue, 13 Feb 2007 13:21:19 GMT
On Tue, 13 Feb 2007 11:30:32 +0000
"Ivan Ristic" <> wrote:

> No. If there's no C-L ModSecurity will count the bytes as they arrive.
> If there are too many the entire response will be blocked with 500
> (and the error page sent to the client).

That's a tradeoff you make against performance.  I would consider
it unacceptable to buffer entire requests or responses at a proxy.
At best it's a big performance hit; at worst it's a DoS-magnet.

Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message