Login | Register For Free | Help	Search this list this category for: (Advanced)

Mailing List Archive: Apache: Dev Re: DoS with mod_deflate & range requests   Index | Next | Previous | View Flat

sf at sfritsch Aug 24, 2011, 2:04 PM Views: 3062 Permalink Re: DoS with mod_deflate & range requests [In reply to] On Wednesday 24 August 2011, Dirk-WIllem van Gulik wrote: > > I think no matter what, we should still have some sort of > > upper limit on the number of range-sets we accept… after all, > > merge doesn't prevent jumping around ;) > > > > > > > > > > The problem I have with the upper limit on the number of range > > sets is the use case someone posted for JPEG2000 > > streaming. That has a lot of range sets but is completely > > legit. However, the ranges are in ascending order and don't > > overlap. Maybe we could count overlaps and/or non-ascending > > order ranges and fall back to 200 + the whole object if it > > exceeds a limit. > > Right - and the other two use cases in the wild are > > - PDF readers - which fetch something at the start in RQ 1 > and then the index form the end - and then quick looks images for > each page and title pages. I've seen them do a second and 3rd > request with many 10's of ranges. > > - Some of the streaming video (semi/pro) video editors - > which fetch a bunch of i-Frames and do clever skip over stuff. Not > in the high tens; but 10-15 ranges common. > > - Likewise for very clever MXF professional editing equipment > - the largest case (yup - it did crash my server) tried to fetch > over 2000 ranges :) > > So I think we really should endeavor to allow 50 to a few 100 of > them. Or at the very least - make it a config option to cut off > below 50 or so. Do you know if those clients send the ranges in order? If they are sorted, it is easy to check if they are non-overlapping. And in that case, we could easily allow 1000 ranges.

Subject User Time DoS with mod_deflate & range requests sf at sfritsch Aug 23, 2011, 4:08 AM     RE: DoS with mod_deflate & range requests ruediger.pluem at vodafone Aug 23, 2011, 5:11 AM     Re: DoS with mod_deflate & range requests lazy404 at gmail Aug 23, 2011, 5:15 AM     Re: DoS with mod_deflate & range requests lazy404 at gmail Aug 23, 2011, 6:56 AM     Re: DoS with mod_deflate & range requests isoma at jellybaby Aug 23, 2011, 7:00 AM     Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 23, 2011, 11:18 AM         Re: DoS with mod_deflate & range requests sf at sfritsch Aug 23, 2011, 11:49 AM             Re: DoS with mod_deflate & range requests mohameddawaina at gmail Aug 23, 2011, 11:52 AM             Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 23, 2011, 12:32 PM                 Re: DoS with mod_deflate & range requests ames.greg at gmail Aug 23, 2011, 2:00 PM     Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 23, 2011, 2:34 PM         Re: DoS with mod_deflate & range requests sf at sfritsch Aug 23, 2011, 3:28 PM             RE: DoS with mod_deflate & range requests ruediger.pluem at vodafone Aug 24, 2011, 1:05 AM         Re: DoS with mod_deflate & range requests fielding at gbiv Aug 23, 2011, 6:34 PM             Re: DoS with mod_deflate & range requests sf at sfritsch Aug 23, 2011, 11:38 PM             Re: DoS with mod_deflate & range requests isoma at jellybaby Aug 24, 2011, 8:35 AM                 Re: DoS with mod_deflate & range requests Dirk-Willem.van.Gulik at bbc Aug 24, 2011, 8:46 AM                     RE: DoS with mod_deflate & range requests ruediger.pluem at vodafone Aug 24, 2011, 8:55 AM                 Re: DoS with mod_deflate & range requests fielding at gbiv Aug 24, 2011, 1:56 PM                     Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 2:12 PM                     Re: DoS with mod_deflate & range requests fielding at gbiv Aug 24, 2011, 2:54 PM                         Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 4:39 PM                             Re: DoS with mod_deflate & range requests fielding at gbiv Aug 24, 2011, 4:43 PM                                 Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 4:50 PM                         Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 6:01 PM                     Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 5:59 PM                         Re: DoS with mod_deflate & range requests sf at sfritsch Aug 24, 2011, 11:21 PM                             RE: DoS with mod_deflate & range requests ruediger.pluem at vodafone Aug 24, 2011, 11:56 PM             Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 8:41 AM     Re: DoS with mod_deflate & range requests h.reindl at thelounge Aug 23, 2011, 3:12 PM     Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 8:48 AM         RE: DoS with mod_deflate & range requests ruediger.pluem at vodafone Aug 24, 2011, 9:02 AM     Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 9:01 AM         RE: DoS with mod_deflate & range requests ruediger.pluem at vodafone Aug 24, 2011, 9:05 AM     Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 9:22 AM         Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 9:42 AM             Re: DoS with mod_deflate & range requests ames.greg at gmail Aug 24, 2011, 12:10 PM             Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 12:34 PM                 Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 1:12 PM                     Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 2:01 PM     Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 9:33 AM         Re: DoS with mod_deflate & range requests sf at sfritsch Aug 24, 2011, 9:47 AM             Re: DoS with mod_deflate & range requests isoma at jellybaby Aug 24, 2011, 11:43 AM                 Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 12:13 PM                     Re: DoS with mod_deflate & range requests isoma at jellybaby Aug 24, 2011, 1:37 PM     Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 12:19 PM         Re: DoS with mod_deflate & range requests ames.greg at gmail Aug 24, 2011, 1:39 PM     Re: DoS with mod_deflate & range requests dirkx at webweaving Aug 24, 2011, 1:45 PM     Re: DoS with mod_deflate & range requests fielding at gbiv Aug 24, 2011, 1:58 PM     Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 2:00 PM         Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 2:08 PM     Re: DoS with mod_deflate & range requests sf at sfritsch Aug 24, 2011, 2:04 PM     Re: DoS with mod_deflate & range requests jim at jaguNET Aug 24, 2011, 2:06 PM         Re: DoS with mod_deflate & range requests wrowe at rowe-clan Aug 24, 2011, 2:19 PM         Re: DoS with mod_deflate & range requests ames.greg at gmail Aug 24, 2011, 2:32 PM     Re: DoS with mod_deflate & range requests jim at jaguNET Aug 25, 2011, 4:41 AM

Index | Next | Previous | View Flat   Apache     Announce     Users     Dev     Bugs     CVS     Docs

Interested in having your list archived? Contact Gossamer Threads
 

Web Applications & Managed Hosting Powered by Gossamer Threads Inc.