On 24 Aug 2011, at 12:57, Plüm, Rüdiger, VF-Group wrote:
>> -> Where possible - disable mod_deflate
>>
>> => we sure this covers all cases - or this is a good stopgap ?
>
> As said this has *nothing* to do with mod_deflate. This was IMHO just
> a guess by the original author of the tool.
Ok - but when I try it on my servers (with the check of the tool removed) - it
seems quite impotent unless mod_deflate is in the wire.
And it seems a bit more potent when there are other 'keep in the air' modules
around.
So I guess mod_deflate is right now the largest 'plug' we have in the server
which can cause this backup ?
Or is that totally wrong? Happy to stand corrected !
>> -> Where possible - set LimitRequestFieldSize to a small value
>>
>> -> Suggesting of 128 fine ?
>>
>> -> Where this is not possible (e.g. long cookies, auth
>> headers of serious size) consider using
>> mod_rewrite to not accept more than a few commas
>>
>> => anyone a config snippet for this ?
>
> How about the following (untested) rewrite rule. It should only allow 5
> ranges at max.
>
> RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
> RewriteRule .* - [F]
Sounds like a plan ! This mail crossed one I just sent out - lemme update that
too.
Dw.
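
An added check, not part of the thread: it runs the range-count pattern from the rewrite rule quoted above against constructed Range header values, to show which requests `[F]` would hit when the condition is used bare, negated with `!`, or negated with an alternative for an absent header. Python's `re` stands in for mod_rewrite's regex engine here, and the function and sample names are made up for the example.

```python
import re

# Pattern from the quoted rule: "bytes=" followed by 1 to 5 comma-separated ranges.
UP_TO_FIVE = re.compile(r"^bytes=[^,]+(,[^,]+){0,4}$")
# Same pattern with an alternative that also matches an absent header,
# since %{HTTP:range} expands to the empty string when no Range is sent.
UP_TO_FIVE_OR_ABSENT = re.compile(r"(^bytes=[^,]+(,[^,]+){0,4}$|^$)")


def forbidden_bare(value):
    """Bare condition: the rule (and so [F]) applies when the pattern matches."""
    return UP_TO_FIVE.search(value) is not None


def forbidden_negated(value):
    """Condition prefixed with '!': the rule applies when the pattern does NOT match."""
    return UP_TO_FIVE.search(value) is None


def forbidden_negated_or_absent(value):
    """Negated condition that also lets requests without a Range header through."""
    return UP_TO_FIVE_OR_ABSENT.search(value) is None


# Constructed sample header values (not taken from any real traffic).
SAMPLES = {
    "absent": "",
    "one": "bytes=0-499",
    "five": "bytes=0-99,200-299,400-499,600-699,800-899",
    "six": "bytes=0-99,200-299,400-499,600-699,800-899,1000-1099",
    "hundred": "bytes=" + ",".join(f"{i}-{i + 1}" for i in range(0, 200, 2)),
}


def classify():
    """Map each sample to (bare, negated, negated_or_absent) 'forbidden' results."""
    return {
        name: (forbidden_bare(v), forbidden_negated(v), forbidden_negated_or_absent(v))
        for name, v in SAMPLES.items()
    }


if __name__ == "__main__":
    print(f"{'sample':<8} {'bare':<6} {'negated':<8} negated_or_absent")
    for name, (bare, neg, neg_abs) in classify().items():
        print(f"{name:<8} {bare!s:<6} {neg!s:<8} {neg_abs}")
```

Only the third form forbids the six-range and hundred-range values while leaving ordinary requests, with or without a Range header, alone.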