tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jin Yu <jin...@gmail.com>
Subject Re: Code Submission - Wild Card Aliases
Date Tue, 03 May 2005 14:48:09 GMT
On 5/2/05, George Sexton <gsexton@mhsoftware.com> wrote:
> I have completed the coding in o.a.t.u.http.mapper.Mapper to implement
> wild-card aliases.
> 
> If a request for a host is made, and that host is not found, the code tests
> the host and aliases list and looks for wild-cards.
> 
> So, a host name of www.mydomain.com would match an alias of *.mydomain.com.
> This additional level of testing is only done if the the presented host name
> is not found in the standard host list. Once a host is found via wild-card,
> it is added to the standard host list. Subsequent requests for that host
> name will find it via the standard search mechanism.
> 

Is there any provision to things from the host list or to limit its
size?  It seems the behavior of adding wild-card matches to the host
list can be easily exploited in a denial of service attack by simply
requesting a lot of different host names matching some wild-card until
the host list consume all available memory.

Jin Yu

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message