httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch>
Subject Re: mod_deflate DoS using HEAD
Date Mon, 21 Jun 2010 21:00:03 GMT
On Thursday 16 July 2009, William A. Rowe, Jr. wrote:
> Plüm, Rüdiger, VF-Group wrote:
> > Good point. So your patch would invalidate a cached entity if the
> > response to a GET delivered a C-L header, since HEAD and GET
> > would deliver different C-L headers.
> > OTOH I think only very small or extremely compressable responses
> > (whether static or not) would have a C-L in the response to a
> > GET, because everything that exceeeds a zlib buffer would be
> > delivered chunked anyway.
> We don't really want to gzip that single buffer though, either. 
> The prime concern here is CPU cycles.  In this case, there is no
> advantage to performing that compression, and inconsistent
> behavior leads cache and proxy authors down unfortunate
> assumptions.

Going back to that old thread, was there consensus on which patch is 

As I understand it, Rüdiger's patch may be better for caching but uses 
more CPU cycles. But it uses way less CPU than no patch at all. 
Therefore I propose to include that patch unless there is clear 
consensus that Eric's patch is to be preferred.

As an added data point, Rüdiger's patch is in Debian 5.0 and various 
Ubuntus and AFAIK hasn't caused any issues. 

View raw message