httpd-dev mailing list archives

From Nick Kew <...@apache.org>
Subject Re: TTLimit directive
Date Tue, 13 Jun 2017 10:52:29 GMT
On Tue, 2017-06-13 at 11:41 +0300, Donatas Abraitis wrote:

> I would like to propose this patchset allowing to set maximum TTL value for incoming
> requests. This is not a usual use case, but I'm interested (maybe others too) to have this
> in place. The real use case would be like this one http://blog.donatas.net/blog/2017/04/20/http-request-validation/.


Thanks!  I'm not sure I follow your exact scenario, but it
looks like a modest enhancement at very low cost or risk!

> TL;DR: if you want to deny requests bypassing proxy layer (in this case Apache operates
> as a backend). Hence set TTLimit to 1 and Apache will be able to handle requests coming almost
> from the local network, because packets with TTL usually come from local networks.
> 
> 
> I don't know which place is the right place to put patches, but
> original patch is here:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61179
> https://bz.apache.org/bugzilla/attachment.cgi?id=35048

That's exactly the right place.

At first glance, patch looks interesting, and I'm minded to
adopt (some version of) it for trunk.  Though I think I'd
default it to 0 (off) rather than your 255.  Any other views?

-- 
Nick Kew


