httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: DoS with mod_deflate & range requests
Date Wed, 24 Aug 2011 16:05:12 GMT
 

> -----Original Message-----
> From: Jim Jagielski [mailto:jim@jaguNET.com] 
> Sent: Mittwoch, 24. August 2011 18:02
> To: dev@httpd.apache.org
> Subject: Re: DoS with mod_deflate & range requests
> 
> Sorting isn't allowed but I get the impression that merging is OK...
> Roy can confirm...

But merging might require sorting...

> 
> If not, then some sort of runtime limit on the number of allowable
> ranges plus a 416 w/ overlapping ranges makes the most sense.
> 
> On Aug 24, 2011, at 11:55 AM, Plüm, Rüdiger, VF-Group wrote:
> > 
> > Hm. If I got it right what Roy says above about the spec 
> sorting and merging is
> > not an option as we need to stick to the order and number 
> of ranges the client
> > requested. But we can deny overlapping with a 416.
> > Or we do a 416 as well if merging would change something.
> > 
> > Regards
> > 
> > Rüdiger
> > 
> 
> 

Regards

Rüdiger

Mime
View raw message