[svlug] Heads up: Bad remote DoS for current Apache httpd

Rick Moen rick at linuxmafia.com
Wed Aug 24 22:42:17 PDT 2011


I should add that all existing workarounds suggested so far
(http://article.gmane.org/gmane.comp.apache.announce/58) may break
serving of some file types such as 'complex HTTP-based video streaming',
because all rely on either limiting or entirely disallowing use of HTTP
'Range' headers, used to request only part of a file (e.g., 'Range:
bytes=500-999').

The Apache developers are still discussing what long-term solution
to work into the upcoming patch.  Discussion here:
https://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3C20110824220643.17819937@baldur%3E

-- 
Cheers,                               ["Exit, pursued by a bear."]
Rick Moen                             -- The Winter's Tale, Act III, Scene III
rick at linuxmafia.com  
McQ!  (4x80)




More information about the svlug mailing list