On 2001.12.07, Rob Mayoff <[EMAIL PROTECTED]> wrote:
> +---------- On Dec 7, Dossy said:
> > However, resource starvation/denial of service is a serious
> > potential problem. Fire up a couple hundred connections where
> > you feed a very large Host: string ...
>
> On the contrary, AOLserver limits both the size of each HTTP header
> line (default 8192 bytes), and the total size of all header lines
> (default 16384 bytes).
So, this request:
POST / HTTP/1.0
Host: <8186 bytes>
Content-Length: 64000
<64000 of data>
(assuming 64kB is the MAXPOST limit, perhaps it's smaller) would
use up around 72kb of data per connection (plus more for internal
data structure overhead). 100 simultaneous requests would chew
up around 7.5 MB, which isn't much.
Perhaps there are other things one can do to really thrash a
webserver that aren't specific to AOLserver itself, though.
Perhaps this is a moot point.
-- Dossy
--
Dossy Shiobara mail: [EMAIL PROTECTED]
Panoptic Computer Network web: http://www.panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
