httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: mod_deflate DoS using HEAD
Date Tue, 14 Jul 2009 17:02:30 GMT
Nick Kew wrote:

> The content-length could've been set anyway - the simplest case being
> a static file that's been "stat"ed.  Have we definitely unset it?

D'oh.  Of course we have.

>> Is this really an optimization?  Sounds like correctness :)  And do we 
>> want
>> to also validate that Accept-Encoding: chunked is present?
> 
> No, deflate doesn't imply chunked encoding.

That, on the other hand, stands.  In the case of an HTTP/1.0
request, we'd be closing the connection to signal end-of-response.

-- 
Nick Kew

Mime
View raw message