httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: DoS with mod_deflate & range requests
Date Wed, 24 Aug 2011 23:43:17 GMT
On Aug 24, 2011, at 4:39 PM, William A. Rowe Jr. wrote:

> On 8/24/2011 4:54 PM, Roy T. Fielding wrote:
>> On Aug 24, 2011, at 1:56 PM, Roy T. Fielding wrote:
>>> To be clear, I am more than willing to rewrite the part on
>>> Ranges such that the above is explicitly forbidden in HTTP.
>>> I am not sure what the WG would agree to, but I am quite certain
>>> that part of the reason we have an Apache server is to protect
>>> the Internet from idiotic ideas like the above.
>> 
>> http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311
> 
> Excellent, thanks.  Just curious, isn't this clarification outside of
> the remit of 2616bis?

Security repairs are never out of scope.

....Roy


Mime
View raw message