Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread William A. Rowe, Jr.
Tom Evans wrote:
>
> It is a bit like an arms race - I guess a solution could be to use a
> dedicated thread for reading in POST bodies.

This is why IIS appears to the author that is invulnerable; IIS does fill an initial buffer, at least 64k worth. Exhaust that buffer and it should cripple IIS

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread Tom Evans
On Thu, 2009-06-25 at 10:17 -0500, William A. Rowe, Jr. wrote:
> André Warnier wrote:
> > fredk2 wrote:
> >> Wouldn't you think that a (simple) timer for the header could fend off some
> >> of the effect. Can't we assume that if it takes more than 3 seconds to enter
> >> the header we do

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread William A. Rowe, Jr.
André Warnier wrote:
> William A. Rowe, Jr. wrote:
>> André Warnier wrote:
>>> fredk2 wrote:
>>>> Wouldn't you think that a (simple) timer for the header could fend off some
>>>> of the effect. Can't we assume that if it takes more than 3 seconds to enter
>>>> the header we do not want th

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread André Warnier
William A. Rowe, Jr. wrote: André Warnier wrote: fredk2 wrote: Wouldn't you think that a (simple) timer for the header could fend off some of the effect. Can't we assume that if it takes more than 3 seconds to enter the header we do not want that client (I'll have to learn to type faster in tel

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread William A. Rowe, Jr.
André Warnier wrote:
> fredk2 wrote:
>> Wouldn't you think that a (simple) timer for the header could fend off some
>> of the effect. Can't we assume that if it takes more than 3 seconds to enter
>> the header we do not want that client (I'll have to learn to type faster in
>> telnet :-).

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread André Warnier
fredk2 wrote:
> Wouldn't you think that a (simple) timer for the header could fend off some
> of the effect. Can't we assume that if it takes more than 3 seconds to enter
> the header we do not want that client (I'll have to learn to type faster in
> telnet :-).

For the headers, I think it might help.

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread fredk2
Wouldn't you think that a (simple) timer for the header could fend off some of the effect. Can't we assume that if it takes more than 3 seconds to enter the header we do not want that client (I'll have to learn to type faster in telnet :-).

Thanks - Fred

awarnier wrote:
>
> fredk2 wrote:
>> Hi

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread Eric Covener
On Thu, Jun 25, 2009 at 4:01 AM, André Warnier wrote:
> - and the arrival of the first byte of the HTTP request itself
> (the G of GET)

I think there's some magic that makes the request line in its entirety subject to the Timeout, instead of each read.

--
Eric Covener
cove...@gmail.com

Re: [us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-25 Thread André Warnier
fredk2 wrote: Hi, http://httpd.apache.org/docs/2.2/mod/core.html#timeout says: The TimeOut directive currently defines the amount of time Apache will wait for three things 1. The total amount of time it takes to receive a GET request ... 1. seems to be misleading, tests with "Timeout 3" does n

[us...@httpd] Setting the Timeout directive to refrain a DoS attacks

2009-06-24 Thread fredk2
Hi, http://httpd.apache.org/docs/2.2/mod/core.html#timeout says: The TimeOut directive currently defines the amount of time Apache will wait for three things 1. The total amount of time it takes to receive a GET request ... 1. seems to be misleading, tests with "Timeout 3" does not appear very