httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Frightened of ap_xml_parse_input
Date Wed, 23 May 2007 01:10:28 GMT
Tim Bray wrote:
> Gosh, this looks convenient.  Suppose someone malicious POSTS a
> jabber-style endless pipe?   Or suppose that as a matter of policy I
> simply don't want to accept something bigger than X, for some value of
> X.  Are there any throttles or memory caps or whatever?
> 
> I'm kind of surprised at mod_dav cheerfully pointing this at, well,
> whatever got pushed up the pipe.

LimitRequestBody ?

General purpose solutions are usually more interesting than solving each
specific DoS pathway.

Mime
View raw message