> However, resource starvation/denial of service is a serious
> potential problem.  Fire up a couple hundred connections where
> you feed a very large Host: string ...

Go to any web site and hit its search engine 200 times.  It will most
likely die a horrible death.  In fact, any routine request to a web
server with 200 connections and lots of valid/longish headers will
have the same problem.

Just pointing out that some things are not avoidable by checking
limits everywhere.  I think total headers are already limited by
a config directive.

Jim

>
> What I would be concerned with is the fact that Greg's solution
> hardcodes the protocol in ("http://") which would break if the
> server was running HTTPS, but then you wouldn't be doing
> software virtual-hosting anyway, so maybe it's a moot point.
>
> -- Dossy
>
> --
> Dossy Shiobara                       mail: [EMAIL PROTECTED]
> Panoptic Computer Network             web: http://www.panoptic.com/
>   "He realized the fastest way to change is to laugh at your own
>     folly -- then you can let go and quickly move on." (p. 70)
>
