Mathias Herberts wrote:
Now that I think more of that, you can use Apache's
'LimitRequestLine' directive (default 8190), so this won't get to
mod_jk at first.
This will indeed fix some cases, but the AJP13 packet can still be
filled up by adding junk headers to the request; Apache does not take
headers into account to compute the size of the RequestLine (only the
URI is).
Yes, this is the limitation of the AJP13 protocol.
AJP14 will have unlimited initial header size, consisting of
multiple packets in case of overflow.
The DoS condition is then still there.
I have a patch for 1.2.9, so you will need to upgrade the jk.
Regards,
Mladen.
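The sizing argument in the thread above, worked through as an added example (not part of the original messages and not mod_jk code): it estimates how large one AJP13 forward-request packet becomes for a given URI and header set, and checks it against the packet limit. Assumptions: an 8192-byte AJP13 packet buffer, Apache's `LimitRequestFieldSize` and `LimitRequestFields` directives as the header-side counterparts of `LimitRequestLine`, and constructed sample addresses and host names.

```python
AJP13_MAX_PACKET = 8192  # assumption: default 8 KB AJP13 packet buffer


def ajp_string(value):
    """Bytes used by an AJP13 string: 2-byte length, data, trailing NUL."""
    return 2 + len(value.encode("latin-1")) + 1


def forward_request_size(uri, headers, protocol="HTTP/1.1",
                         remote_addr="192.0.2.10", remote_host="",
                         server_name="www.example.test"):
    """Upper-bound size of one AJP13 forward-request packet.

    Header names are counted as full strings; connectors shorten well-known
    names to 2-byte codes, so this slightly overestimates. Optional
    attributes (query string, etc.) are not counted.
    """
    size = 4                      # 0x12 0x34 magic + 2-byte payload length
    size += 1 + 1                 # prefix code + method code
    size += ajp_string(protocol) + ajp_string(uri)
    size += ajp_string(remote_addr) + ajp_string(remote_host)
    size += ajp_string(server_name)
    size += 2 + 1 + 2             # server port, is_ssl flag, header count
    for name, value in headers:
        size += ajp_string(name) + ajp_string(value)
    return size + 1               # 0xFF request terminator


def fits(uri, headers):
    """True if the request can be carried in a single AJP13 packet."""
    return forward_request_size(uri, headers) <= AJP13_MAX_PACKET


def worst_case(limit_request_line, limit_field_size, limit_fields):
    """Largest forward request Apache would still accept under these limits."""
    # Request line is "GET <uri> HTTP/1.1"; the rest of the budget is URI.
    uri = "/" * (limit_request_line - len("GET  HTTP/1.1"))
    value = "v" * (limit_field_size - len("X: "))
    return forward_request_size(uri, [("X", value)] * limit_fields)


if __name__ == "__main__":
    # Constructed sample: short URI, but 20 headers of 500 bytes each.
    junk = [("X", "v" * 500)] * 20
    print("short URI + large headers fits:", fits("/index.jsp", junk))
    print("Apache defaults worst case:", worst_case(8190, 8190, 100))
    print("tightened limits worst case:", worst_case(2048, 512, 10))
```

With Apache's default limits the accepted request can be far larger than one packet, which is why the URI limit alone does not close the issue; the tightened values shown are illustrative, not a recommendation from the thread.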