tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 国炳 陈 <gzlongzhij...@yahoo.com.cn>
Subject Re: Code Submission - Wild Card Aliases
Date Tue, 03 May 2005 16:48:58 GMT
??


Jin Yu <jinxyu@gmail.com> 写道:
On 5/2/05, George Sexton wrote:
> I have completed the coding in o.a.t.u.http.mapper.Mapper to implement
> wild-card aliases.
> 
> If a request for a host is made, and that host is not found, the code tests
> the host and aliases list and looks for wild-cards.
> 
> So, a host name of www.mydomain.com would match an alias of *.mydomain.com.
> This additional level of testing is only done if the the presented host name
> is not found in the standard host list. Once a host is found via wild-card,
> it is added to the standard host list. Subsequent requests for that host
> name will find it via the standard search mechanism.
> 

Is there any provision to things from the host list or to limit its
size? It seems the behavior of adding wild-card matches to the host
list can be easily exploited in a denial of service attack by simply
requesting a lot of different host names matching some wild-card until
the host list consume all available memory.

Jin Yu

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org



祝福你开心生活每一天!
\\\|///
\\ - - //
( @ @ )
┏━━━━ ━━oOOo- (_)-oOOo━━
┃姓名:gzlongzhijian 
┃QQ(OICQ) 40831127 (请大家Q我) 
┃信箱:gzlongzhijian@yahoo.com.cn 
┃主页:http://www.gzlzj.com 
┃广州市石牌西路西华大街二巷二号401 
┃邮编:510630 电话:020-33629058 
┃ 
┃茫茫人海,相识你是我的福份; 
┃ 
┃岁月如梭,送上我口里喊出的祝福 
┃ Oooo 
┗━━━━━━━ oooO━ ( )━━
( ) ) /
\ ( (_/
\_)



---------------------------------
Do You Yahoo!?
150万曲MP3疯狂搜,带您闯入音乐殿堂
美女明星应有尽有,搜遍美图、艳图和酷图
1G就是1000兆,雅虎电邮自助扩容!
Mime
  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message