httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <>
Subject Re: DoS with mod_deflate & range requests
Date Wed, 24 Aug 2011 20:58:43 GMT
On Aug 24, 2011, at 8:55 AM, Plüm, Rüdiger, VF-Group wrote:
> Hm. If I got it right what Roy says above about the spec sorting and merging is
> not an option as we need to stick to the order and number of ranges the client
> requested. But we can deny overlapping with a 416.

We should implement whatever is needed to make the service
secure from this denial of service.  If that means changing the
spec, then so be it.

> Or we do a 416 as well if merging would change something.

Or 200 if folks are squeamish about making the developer feel
the pain.


View raw message