httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob <bobsie...@googlemail.com>
Subject Re: [users@httpd] rewrite safety? is it possible to DoS apache with mod_rewrite?
Date Fri, 09 Mar 2007 18:17:13 GMT
Matus UHLAR - fantomas wrote:
> I'm a bit concerned about mod_rewrite safety on servers with many users.
> I see there is a MaxRedirects option which defaults to 10, but afaik users may
> override this. Also, there is the [N] flag to RewriteRule which
> documentation says:
> 
> <CITE> Use this flag to restart the rewriting process, i.e., to immediately
> go to the top of the loop.
> <B>But be careful not to create an infinite loop!</B>
> </CITE>
> 
> I would like to ask, does the MaxRedirects apply in case of using this flag?

No. Be aware of PR 38642 
(http://issues.apache.org/bugzilla/show_bug.cgi?id=38642), the problem 
described there can cause a situation which leads to infinite looping.

-- 
Bob

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message