httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch ...@sfritsch.de>
Subject Re: DoS with mod_deflate & range requests
Date Wed, 24 Aug 2011 16:47:52 GMT
On Wednesday 24 August 2011, Jim Jagielski wrote:
> On Aug 24, 2011, at 12:05 PM, Plüm, Rüdiger, VF-Group wrote:
> >> -----Original Message-----
> >> From: Jim Jagielski [mailto:jim@jaguNET.com]
> >> Sent: Mittwoch, 24. August 2011 18:02
> >> To: dev@httpd.apache.org
> >> Subject: Re: DoS with mod_deflate & range requests
> >> 
> >> Sorting isn't allowed but I get the impression that merging is
> >> OK... Roy can confirm...
> > 
> > But merging might require sorting...
> 
> then we don't do that merge, imo… In other words, we
> progress thru the set of ranges and once a range
> is merged as far as it can be (due to the next range
> not being merge-able with the previous one), we let
> it go...

We could also use a two stage approach: Up to some limit (e.g. 50) 
ranges, we return them as the client requested them. Over that limit, 
we violate the RFC-SHOULD and sort and merge them.

Mime
View raw message