> However, resource starvation/denial of service is a serious
> potential problem. Fire up a couple hundred connections where
> you feed a very large Host: string ...

Go to any web site and hit its search engine 200 times. It will most likely die a horrible death. In fact, any routine request to a web server with 200 connections and lots of valid/longish headers will have the same problem. Just pointing out that some things are not avoidable by checking limits everywhere. I think total headers are already limited by a config directive.

Jim

>
> What I would be concerned with is the fact that Greg's solution
> hardcodes the protocol in ("http://") which would break if the
> server was running HTTPS, but then you wouldn't be doing
> software virtual-hosting anyway, so maybe it's a moot point.
>
> -- Dossy
>
> --
> Dossy Shiobara mail: [EMAIL PROTECTED]
> Panoptic Computer Network web: http://www.panoptic.com/
> "He realized the fastest way to change is to laugh at your own
> folly -- then you can let go and quickly move on." (p. 70)
>