From tomcat-dev-return-58904-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org Tue May 03 17:32:56 2005 Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 31553 invoked from network); 3 May 2005 17:32:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 3 May 2005 17:32:56 -0000 Received: (qmail 110 invoked by uid 500); 3 May 2005 16:51:26 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 99907 invoked by uid 500); 3 May 2005 16:51:24 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 99893 invoked by uid 99); 3 May 2005 16:51:24 -0000 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=HTML_30_40,HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from web15609.mail.cnb.yahoo.com (HELO web15609.mail.cnb.yahoo.com) (202.165.102.63) by apache.org (qpsmtpd/0.28) with SMTP; Tue, 03 May 2005 09:50:48 -0700 Message-ID: <20050503164858.50072.qmail@web15609.mail.cnb.yahoo.com> Received: from [219.136.188.252] by web15609.mail.cnb.yahoo.com via HTTP; Wed, 04 May 2005 00:48:58 CST Date: Wed, 4 May 2005 00:48:58 +0800 (CST) From: =?gb2312?q?=B9=FA=B1=FE=20=B3=C2?= Subject: Re: Code Submission - Wild Card Aliases To: Tomcat Developers List , jin@jsy.us In-Reply-To: 6667 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-1289026176-1115138938=:48342" Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N --0-1289026176-1115138938=:48342 Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: 8bit ?? Jin Yu 写道: On 5/2/05, George Sexton wrote: > I have completed the coding in o.a.t.u.http.mapper.Mapper to implement > wild-card aliases. > > If a request for a host is made, and that host is not found, the code tests > the host and aliases list and looks for wild-cards. > > So, a host name of www.mydomain.com would match an alias of *.mydomain.com. > This additional level of testing is only done if the the presented host name > is not found in the standard host list. Once a host is found via wild-card, > it is added to the standard host list. Subsequent requests for that host > name will find it via the standard search mechanism. > Is there any provision to things from the host list or to limit its size? It seems the behavior of adding wild-card matches to the host list can be easily exploited in a denial of service attack by simply requesting a lot of different host names matching some wild-card until the host list consume all available memory. Jin Yu --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org 祝福你开心生活每一天! \\\|/// \\ - - // ( @ @ ) ┏━━━━ ━━oOOo- (_)-oOOo━━ ┃姓名:gzlongzhijian ┃QQ(OICQ) 40831127 (请大家Q我) ┃信箱:gzlongzhijian@yahoo.com.cn ┃主页:http://www.gzlzj.com ┃广州市石牌西路西华大街二巷二号401 ┃邮编:510630 电话:020-33629058 ┃ ┃茫茫人海,相识你是我的福份; ┃ ┃岁月如梭,送上我口里喊出的祝福 ┃ Oooo ┗━━━━━━━ oooO━ ( )━━ ( ) ) / \ ( (_/ \_) --------------------------------- Do You Yahoo!? 150万曲MP3疯狂搜,带您闯入音乐殿堂 美女明星应有尽有,搜遍美图、艳图和酷图 1G就是1000兆,雅虎电邮自助扩容! --0-1289026176-1115138938=:48342--