tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jin Yu <>
Subject Re: Code Submission - Wild Card Aliases
Date Tue, 03 May 2005 14:48:09 GMT
On 5/2/05, George Sexton <> wrote:
> I have completed the coding in o.a.t.u.http.mapper.Mapper to implement
> wild-card aliases.
> If a request for a host is made, and that host is not found, the code tests
> the host and aliases list and looks for wild-cards.
> So, a host name of would match an alias of *
> This additional level of testing is only done if the the presented host name
> is not found in the standard host list. Once a host is found via wild-card,
> it is added to the standard host list. Subsequent requests for that host
> name will find it via the standard search mechanism.

Is there any provision to things from the host list or to limit its
size?  It seems the behavior of adding wild-card matches to the host
list can be easily exploited in a denial of service attack by simply
requesting a lot of different host names matching some wild-card until
the host list consume all available memory.

Jin Yu

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message