httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: DoS with mod_deflate & range requests
Date Wed, 24 Aug 2011 15:48:21 GMT

On Aug 24, 2011, at 4:05 AM, Plüm, Rüdiger, VF-Group wrote:

> 
> Patch looks good, but some comments:
> 
> As far as I can see the following range request would not get merged:
> 
> Range: bytes=0-0,1-1,2-2
> 
> into a 0-2 range as need_sort would remain 0. OTOH
> 
> Range: bytes=0-0,0-1,1-2
> 
> would get get merged into a 0-2 range.
> 
> Using boundary and !boundary in the later if statements to decide whether a request
> is multi range or single range is IMHO bad as boundary is set based on the old number
> ranges and not based on the number of merged ranges. So multiple ranges in the beginning
> might get merged to a single range in the end.

+1…

Suggestion: Let's fold the patch, as-is, into trunk, tune it there
and then backport to 2.x...
Mime
View raw message