httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject Re: [vote] release 2.2.15?
Date Wed, 03 Mar 2010 21:34:25 GMT
On 3/3/2010 2:00 PM, Mladen Turk wrote:
> Right, and I'm afraid if SSLInsecureRenegotiation (default) isn't set
> while compiled with 0.9.8m one can easily create an DoS attack.


I can accomplish the same within the confines of the Timeout limitation
by connecting to the server, sending an OPTIONS line, and not completing
the request headers.  The effect is the same.

Please don't abuse words like DoS to describe utilization.  Of course IE
and Firefox, Opera and Safari are all DoS tools.  It's called consuming
server resources :)

View raw message