httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Chen <qu...@cs.berkeley.edu>
Subject Re: internal dummy connection again
Date Sat, 17 Mar 2007 02:34:40 GMT
>>>>> On 2007-03-05 13:24 PST, Joe Orton writes:

    Joe> On Mon, Mar 05, 2007 at 09:33:56PM +0100, Ruediger Pluem wrote:
    >> On 03/03/2007 05:47 AM, Karl Chen wrote: present.  Also
    >> other issues like noise in the log file.  I've also seen
    >> people complaining that "GET /" might incur the cost of
    >> dynamic content generation for /.
    >> 
    >> Hm. Just thinking loud. Can we avoid this if we replace GET
    >> / with OPTIONS /?

    Joe> Doing "OPTIONS *" as Bill notes is probably the best
    Joe> option available for the dummy connection, though it will
    Joe> still be confusing for users (possible more confusing,
    Joe> since that request rarely if ever seen "in the wild").

Thanks for the input everyone and pointers to the bugzilla issues.
"OPTIONS *" is a definite improvement over "GET /" for
performance.

What about the NOOP idea?  If the connection could be reliably
detected to be coming from apache@localhost, would there still be
a risk of an attack going unnoticed?

It seems reasonable to elide those messages by default, or at
least write them to a different log file.  I'd say the risk of a
real attack getting drowned in noise is currently higher than a
kernel that allows spoofing TCP connections from localhost.
Apache could also look at the srcport to check that it's coming
from the httpd process+user.  And it could create a nonce at
startup and only elide messages with the proper nonce.  Lots of
ways to authenticate yourself to yourself :)

-- 
Karl 2007-03-16 19:18


Mime
View raw message