httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Donatas Abraitis <donatas.abrai...@gmail.com>
Subject Re: TTLimit directive
Date Tue, 13 Jun 2017 11:20:07 GMT
Hey Nick,

it must be 0, not 255. I updated it in patch attached 👍

Sent from my iPhone

> On 13 Jun 2017, at 13:52, Nick Kew <niq@apache.org> wrote:
> 
>> On Tue, 2017-06-13 at 11:41 +0300, Donatas Abraitis wrote:
>> 
>> I would like to propose this patchset allowing to set maximum TTL value for incoming
requests. This is not a usual use case, but I'm interested (maybe others too) to have this
in place. The real use case would be like this one http://blog.donatas.net/blog/2017/04/20/http-request-validation/.

> 
> Thanks!  I'm not sure I follow your exact scenario, but it
> looks like a modest enhancement at very low cost or risk!
> 
>> TL;DR: if you want to deny requests bypassing proxy layer (in this case Apache operates
as a backend). Hence set TTLimit to 1 and Apache will be able to handle requests coming almost
from the local network, because packets with TTL usually come from local networks.
>> 
>> 
>> I don't know which place is the right place to put patches, but
>> original patch is here:
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=61179
>> https://bz.apache.org/bugzilla/attachment.cgi?id=35048
> 
> That's exactly the right place.
> 
> At first glance, patch looks interesting, and I'm minded to
> adopt (some version of) it for trunk.  Though I think I'd
> default it to 0 (off) rather than your 255.  Any other views?
> 
> -- 
> Nick Kew
> 
> 

Mime
View raw message