The following reply was made to PR mod_include/3323; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: "Joseph W." <[EMAIL PROTECTED]> Cc: Apache bugs database <[EMAIL PROTECTED]> Subject: Re: mod_include/3323: Dos style attack with the usage of SSI's include virtual directive Date: Sat, 31 Oct 1998 11:55:47 -0800 (PST) On 31 Oct 1998, Joseph W. wrote: > The following reply was made to PR mod_include/3323; it has been noted by > GNATS. > > From: "Joseph W." <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Cc: Subject: Re: mod_include/3323: Dos style attack with the usage of SSI's > include virtual directive > Date: Sat, 31 Oct 1998 11:17:08 -0700 > > That is exactly this case, recursive includes. > The only problem here though is that it eventually will crash > the machine. At least the machine that this was tested on. > > I guess we will have to trust our users that they won't try to > exploit this for now. <g> Or simply do what is recommended anyway: set a ulimit on the amount of memory a httpd process can use before you start it. This protects against 40394 DoS attacks with a minimal or nil impact on legitimate use.
