httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Fixing Ranges
Date Wed, 24 Aug 2011 21:06:43 GMT
AFAICS[1], we've discussed an advisory and some protections
users can deploy.  For the future we should be looking at
a robust solution that prevents Range requests only when
they're likely to present a problem.

Most obviously, we should be able to serve arbitrary ranges
from any static or cached file without sweat to support
apps such as JPEG2000 or PDF streaming.  That can be done
much more efficiently at source than in a ranges filter.

Does this look like a plan?

1. Add Ranges capability into the default handler and mod_cache.
   They could then set a "ranges-handled" flag in r->notes.
2. Insert the Ranges filter according to the logic that's
   been discussed here today.
3. The Ranges filter then checks ranges-handled, and removes
   itself if set, to avoid returning recursive ranges.

I guess implementing that would imply factoring out the
multipart encoding stuff from the range filter into an API.

[1] that is, returning to an overflowing mailbox after
a tiring day in offline chores, so I could easily have
missed something!

Nick Kew

View raw message