Unless I'm missing something, this patch would make the proxy vulnerable to a DoS. An attacker could cause the httpd to buffer an arbitrarily large amount of data simply by sending an arbitrarily large request body, right?
Brian On Tue, 2002-12-10 at 15:55, Bill Stoddard wrote: > Any objections to porting this to 2.0? > > Bill > > jerenkrantz 2002/12/08 21:37:27 > > Modified: . CHANGES > modules/proxy proxy_http.c > Log: > Rewrite how proxy sends its request to allow input bodies to morph the request > bodies. Previously, if an input filter changed the request body, the > original C-L would be sent which would be incorrect. > > Due to HTTP compliance, we must either send the body T-E: chunked or include > a C-L for the request body. Connection: Close is not an option.
