On 14 Feb 2011, at 1:56 AM, Paul Querna wrote:

> Additionally, this should be a configurable behavior.
>
> Let's say you run a popular website that depends on mod_cache to
> protect backend systems from complete overload.
>
> All you need to do now as an attacker is POST / DELETE to / or another
> important URL every 200ms, and the cache becomes invalidated, causing
> a flood of requests to backends that might not be able to support it.
>
> Thoughts?

How is this different from "Cache-Control: no-cache" in the request?

Regards,
Graham