httpd-dev mailing list archives

From Lazy <lazy...@gmail.com>
Subject Re: DoS with mod_deflate & range requests
Date Tue, 23 Aug 2011 12:15:16 GMT
2011/8/23 Stefan Fritsch <sf@sfritsch.de>:
> http://seclists.org/fulldisclosure/2011/Aug/175
>
> I haven't looked into it so far. And I am not sure I will have time today.
>

it is sending HEAD requests with lots of ranges
HEAD / HTTP/1.1
Host: xxxx
Range:bytes=0-,5-1,5-2,5-3,.....

the code in
ap_byterange_filter()
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
creates a bucket for every range element,

the number of buckets is limited by the size of the document in
published code but I think it can be enhanced by
using 1-2,1-3,..1-doc_size,2-1,2-2, 2-doc_size

does Range in a HEAD request make any sense at all?
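
Added example, not part of the original message and not httpd code: a pre-check that vets a Range header value before any per-element work (such as the one-bucket-per-range behaviour described above) is done. The function name, verdict names, `max_ranges` limit and overlap rule are assumptions chosen for illustration; the rejection of a last position below the first follows RFC 2616 section 14.35.1.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

enum range_verdict { RANGE_OK, RANGE_BAD_SYNTAX, RANGE_TOO_MANY,
                     RANGE_OVERLAP, RANGE_NONE_SATISFIABLE };

/* Vet a Range header value before any per-range work is done. Anything
 * other than RANGE_OK means: do not build per-range output for it.
 * max_ranges and the overlap rule are assumed policy, not httpd settings. */
enum range_verdict check_range(const char *hdr, long doc_size, int max_ranges)
{
    const char *p = hdr;
    char *end;
    long first, last, total = 0;
    int n = 0;
    if (strncmp(p, "bytes=", 6) != 0) return RANGE_BAD_SYNTAX;
    p += 6;
    for (;;) {
        while (*p == ' ' || *p == ',') p++;          /* skip separators */
        if (*p == '\0') break;
        if (*p == '-') {                             /* suffix form "-N" */
            if (!isdigit((unsigned char)p[1])) return RANGE_BAD_SYNTAX;
            long suffix = strtol(p + 1, &end, 10);
            if (suffix > doc_size) suffix = doc_size;
            first = doc_size - suffix;
            last = doc_size - 1;
        } else {                                     /* "N-M" or "N-" */
            if (!isdigit((unsigned char)*p)) return RANGE_BAD_SYNTAX;
            first = strtol(p, &end, 10);
            if (*end != '-') return RANGE_BAD_SYNTAX;
            if (isdigit((unsigned char)end[1])) {
                last = strtol(end + 1, &end, 10);
                if (last < first) return RANGE_BAD_SYNTAX;  /* e.g. "5-1" */
            } else {
                last = doc_size - 1;                 /* open-ended */
                end++;
            }
            if (last >= doc_size) last = doc_size - 1;
        }
        p = end;
        if (*p != '\0' && *p != ',' && *p != ' ') return RANGE_BAD_SYNTAX;
        if (first >= doc_size) continue;             /* unsatisfiable element */
        if (++n > max_ranges) return RANGE_TOO_MANY;
        total += last - first + 1;
        if (total > doc_size) return RANGE_OVERLAP;  /* elements overlap */
    }
    return n ? RANGE_OK : RANGE_NONE_SATISFIABLE;
}
```

Non-overlapping ranges can never cover more bytes than the document holds, so a running total above `doc_size` is enough to detect overlap without sorting or storing the elements.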
