httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob <>
Subject Re: [users@httpd] rewrite safety? is it possible to DoS apache with mod_rewrite?
Date Fri, 09 Mar 2007 18:17:13 GMT
Matus UHLAR - fantomas wrote:
> I'm a bit concerned about mod_rewrite safety on servers with many users.
> I see there is a MaxRedirects option which defaults to 10, but afaik users may
> override this. Also, there is the [N] flag to RewriteRule which
> documentation says:
> <CITE> Use this flag to restart the rewriting process, i.e., to immediately
> go to the top of the loop.
> <B>But be careful not to create an infinite loop!</B>
> </CITE>
> I would like to ask, does the MaxRedirects apply in case of using this flag?

No. Be aware of PR 38642 
(, the problem 
described there can cause a situation which leads to infinite looping.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message