From dev-return-72334-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org Wed Aug 24 21:16:17 2011 Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DB07C846E for ; Wed, 24 Aug 2011 21:16:13 +0000 (UTC) Received: (qmail 21066 invoked by uid 500); 24 Aug 2011 21:16:13 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 20945 invoked by uid 500); 24 Aug 2011 21:16:12 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 20937 invoked by uid 99); 24 Aug 2011 21:16:12 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Aug 2011 21:16:12 +0000 X-ASF-Spam-Status: No, hits=0.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [173.201.192.230] (HELO p3plsmtpa07-01.prod.phx3.secureserver.net) (173.201.192.230) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 24 Aug 2011 21:16:03 +0000 Received: (qmail 30656 invoked from network); 24 Aug 2011 21:15:41 -0000 Received: from unknown (76.252.112.72) by p3plsmtpa07-01.prod.phx3.secureserver.net (173.201.192.230) with ESMTP; 24 Aug 2011 21:15:41 -0000 Message-ID: <4E5569CE.6030504@rowe-clan.net> Date: Wed, 24 Aug 2011 16:14:54 -0500 From: "William A. Rowe Jr." User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: Fixing Ranges References: <20110824220643.17819937@baldur> In-Reply-To: <20110824220643.17819937@baldur> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 8/24/2011 4:06 PM, Nick Kew wrote: > AFAICS[1], we've discussed an advisory and some protections > users can deploy. For the future we should be looking at > a robust solution that prevents Range requests only when > they're likely to present a problem. > > Most obviously, we should be able to serve arbitrary ranges > from any static or cached file without sweat to support > apps such as JPEG2000 or PDF streaming. That can be done > much more efficiently at source than in a ranges filter. > > Does this look like a plan? > > 1. Add Ranges capability into the default handler and mod_cache. > They could then set a "ranges-handled" flag in r->notes. Fails if the default handler has been filtered into a differently sized document, e.g. code page conversion. > 2. Insert the Ranges filter according to the logic that's > been discussed here today. > 3. The Ranges filter then checks ranges-handled, and removes > itself if set, to avoid returning recursive ranges. You are now requiring all filters which change the document's geometry to not only discard C-L, but also reset ranges-handled. Not a reasonable path forward for 2.[02].x.