httpd-dev mailing list archives

From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Mitigation Range header
Date Wed, 24 Aug 2011 13:01:07 GMT
 

> -----Original Message-----
> From: Dirk-WIllem van Gulik [mailto:dirkx@webweaving.org] 
> Sent: Mittwoch, 24. August 2011 14:40
> To: dev@httpd.apache.org
> Cc: Plüm, Rüdiger, VF-Group
> Subject: Re: Mitigation Range header
> 
> 
> On 24 Aug 2011, at 13:22, Florian Weimer wrote:
> 
> > * Plüm, Rüdiger, VF-Group:
> > 
> >> As said this has *nothing* to do with mod_deflate. This was IMHO just
> >> a guess by the original author of the tool.
> > 
> > This matches my testing, too.  I see a significant peak in RAM usage on
> > a server where "apachectl -M" does not print anything with the string
> > "deflate" (so I assume that mod_deflate is not enabled).  This is with
> > 2.2.9-10+lenny9 on Debian.
> > 
> > If it is more difficult to check if mod_deflate is enabled, the advisory
> > should tell how to check your server.  If the method I used is the
> > correct one, I don't think it's reasonable to suggest disabling
> > mod_deflate as a mitigation because it does not seem to make much of a
> > difference.
> 
> Hmm - when I remove mod_deflate (i.e. explicitly as it is the 
> default in all our installs) and test on a / entry which is a 
> static file which is large (100k)* - then I cannot get apache 
> on its knees on a freebsd machine - saturating the 1Gbit 
> connection it has (Note: the attack machines *are* getting 
> saturated).  The moment I put in mod_deflate, mod_external 
> filter, etc - it is much easier to deplete enough 
> resources to notice.
> 
> Dw.
> 
> *: as I cannot reproduce the issue with very small index.html files.

Have you tried if the same happens with mod_deflate, but with one of the
proposed mitigations in place?
As said my guess is that this might be an issue with mod_deflate that
is unrelated to the Range request issue.

Regards

Rüdiger

