Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 79487 invoked from network); 3 May 2005 15:32:57 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 3 May 2005 15:32:57 -0000 Received: (qmail 56083 invoked by uid 500); 3 May 2005 14:50:13 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 56058 invoked by uid 500); 3 May 2005 14:50:12 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 56031 invoked by uid 99); 3 May 2005 14:50:12 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=RCVD_BY_IP X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: domain of jinxyu@gmail.com designates 64.233.184.204 as permitted sender) Received: from wproxy.gmail.com (HELO wproxy.gmail.com) (64.233.184.204) by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 03 May 2005 07:50:12 -0700 Received: by wproxy.gmail.com with SMTP id 49so74648wri for ; Tue, 03 May 2005 07:48:10 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=g5xANbIYt7SbuBoS59aTwMroyN0I5VLefa63GoWQnV5OD+GWKdoZP4b2ZMqgR0gUj8MluWXRKmEIgZg0P7Zh/+Dqqmg3QRuCat3TiplvysQBCZejwO5Ol1vZRe2xH/dKKRJipewkDZ6fUqIwRmXPHJqVEip5cxvXfmswZRxnka8= Received: by 10.54.20.37 with SMTP id 37mr291811wrt; Tue, 03 May 2005 07:48:09 -0700 (PDT) Received: by 10.54.20.43 with HTTP; Tue, 3 May 2005 07:48:09 -0700 (PDT) Message-ID: <84cfabd605050307481510eb12@mail.gmail.com> Date: Tue, 3 May 2005 10:48:09 -0400 From: Jin Yu Reply-To: jin@jsy.us To: Tomcat Developers List Subject: Re: Code Submission - Wild Card Aliases In-Reply-To: <20050503030947.BA663153ED@mail.mhsoftware.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <20050503030947.BA663153ED@mail.mhsoftware.com> X-Virus-Checked: Checked X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On 5/2/05, George Sexton wrote: > I have completed the coding in o.a.t.u.http.mapper.Mapper to implement > wild-card aliases. >=20 > If a request for a host is made, and that host is not found, the code tes= ts > the host and aliases list and looks for wild-cards. >=20 > So, a host name of www.mydomain.com would match an alias of *.mydomain.co= m. > This additional level of testing is only done if the the presented host n= ame > is not found in the standard host list. Once a host is found via wild-car= d, > it is added to the standard host list. Subsequent requests for that host > name will find it via the standard search mechanism. >=20 Is there any provision to things from the host list or to limit its size? It seems the behavior of adding wild-card matches to the host list can be easily exploited in a denial of service attack by simply requesting a lot of different host names matching some wild-card until the host list consume all available memory. Jin Yu --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org