httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject Re: svn commit: r1070179 - in /httpd/httpd/trunk: CHANGES docs/manual/mod/mod_cache.xml modules/cache/cache_storage.c modules/cache/cache_storage.h modules/cache/mod_cache.c modules/cache/mod_cache.h
Date Mon, 14 Feb 2011 00:15:24 GMT
On Sun, Feb 13, 2011 at 4:00 PM, Graham Leggett <minfrin@sharp.fm> wrote:
> On 14 Feb 2011, at 1:56 AM, Paul Querna wrote:
>
>> Additionally, this should be a configurable behavior.
>>
>> Lets say you run a popular website that depends on mod_cache to
>> protect backend systems from complete overload.
>>
>> All you need to do now as an attacker is POST / DELETE to / or another
>> important URL every 200ms, and the cache becomes invalidated, causing
>> a flood of requests to backends that might not be able to support it.
>>
>> Thoughts?
>
> How is this different from "Cache-Control: no-cache" in the request?

It does a single request to the backend, but doesn't _invalidate_ the
existing cache, which would cause a flood of other, non-attacker
clients to come in.

Mime
View raw message