httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: TTLimit directive
Date Tue, 13 Jun 2017 10:52:29 GMT
On Tue, 2017-06-13 at 11:41 +0300, Donatas Abraitis wrote:

> I would like to propose this patchset allowing to set maximum TTL value for incoming
requests. This is not a usual use case, but I'm interested (maybe others too) to have this
in place. The real use case would be like this one

Thanks!  I'm not sure I follow your exact scenario, but it
looks like a modest enhancement at very low cost or risk!

> TL;DR: if you want to deny requests bypassing proxy layer (in this case Apache operates
as a backend). Hence set TTLimit to 1 and Apache will be able to handle requests coming almost
from the local network, because packets with TTL usually come from local networks.
> I don't know which place is the right place to put patches, but
> original patch is here:

That's exactly the right place.

At first glance, patch looks interesting, and I'm minded to
adopt (some version of) it for trunk.  Though I think I'd
default it to 0 (off) rather than your 255.  Any other views?

Nick Kew

View raw message