On Aug 25, 2011, at 2:56 AM, Plüm, Rüdiger, VF-Group wrote:

>
>
>> -----Original Message-----
>> From: Stefan Fritsch
>> Sent: Thursday, 25 August 2011 08:21
>> To: [email protected]
>> Subject: Re: DoS with mod_deflate & range requests
>>
>> On Thursday 25 August 2011, Jim Jagielski wrote:
>>> OK then... we seem to be coalescing into some consensus here...
>>> basically, if the client sends stuff which is brain-dead stupid,
>>> we simply 200 and send the whole kit-and-kaboodle.
>>>
>>> I'd like to propose that we update the byterange filter to perform
>>> the following:
>>>
>>> o coalesce all adjacent ranges, whether overlapping or not.
>>>   (eg: 200-250,251-300 & 200-250,220-300 both merge to 200-300)
>>
>> This may still confuse a broken client. Maybe we could omit that from
>> the 2.2 patch for now and only commit to 2.3.
>
> Sounds like a plan. Or make it configurable with a default of off in 2.2.x
> and on in 2.3.x
>
>>
>>> o We count:
>>>   > the number of times a gap between ranges is <80 bytes
>>>   > the number of times we hit a descendent range
>>>     (eg: 200-1000,2000-3000,1200-1500,4000-5000 would count as 1)
>>>   > the number of ranges total (post ascending merge)
>>>   If any >= some config-time limit, we send a 200
>>>
>>> This is a start and was chosen simply for ease of implementation...
>>> We can then expand it to be more functional...
>>>
>>> Comments?
>
>
> Looks good. Plus we should implement the patch from Stefan below and then we
> should be good.
>
++1 (see other thread: Fixing Ranges)
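The coalesce-and-count rules proposed in the quoted message, written out as an added example; this is not httpd's byterange filter and not code from anyone in this thread. The 80-byte gap threshold, the three counters (small gaps, descendent ranges, ranges left after the ascending merge) and the "any counter >= its limit means send a 200" rule follow the proposal. The `range_limits_t` struct, the default limits of 200 ranges, 5 small gaps and 5 descents, the 256-range parse cap, the skipping of malformed or unsatisfiable specs, and the one-call wrapper functions are assumptions made for illustration.

```c
/* Model of the byterange-filter hardening proposed above (illustration only, not
 * httpd code): parse Range, count the suspicious patterns, coalesce, then decide. */
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#define MAX_RANGES 256      /* assumed hard cap on ranges we are willing to parse */
typedef struct { long start, end; } byterange_t;   /* inclusive byte offsets */
typedef struct {            /* hypothetical config-time limits from the proposal */
    int max_ranges;         /* ranges left after the ascending merge */
    int max_small_gaps;     /* gaps narrower than small_gap_bytes */
    int max_descending;     /* ranges that step backwards in client order */
    long small_gap_bytes;   /* 80 in the proposal */
} range_limits_t;

typedef struct {
    int nranges_out, small_gaps, descending;
    byterange_t merged[MAX_RANGES];
} range_stats_t;
static const range_limits_t DEFAULT_LIMITS = { 200, 5, 5, 80 };  /* assumed values */

/* One spec ("a-b", "a-" or "-n") -> inclusive [start,end] within a clen-byte body.
 * Returns 0 for malformed or unsatisfiable specs, which the caller skips. */
static int parse_one(const char *p, size_t len, long clen, byterange_t *out)
{
    char buf[64], *dash, *endp;
    long start, end;
    while (len && isspace((unsigned char)*p)) { p++; len--; }
    while (len && isspace((unsigned char)p[len - 1])) len--;
    if (len == 0 || len >= sizeof buf) return 0;
    memcpy(buf, p, len); buf[len] = '\0';
    if (!(dash = strchr(buf, '-'))) return 0;
    *dash = '\0';
    if (buf[0] == '\0') {                       /* "-n": the final n bytes */
        long n = strtol(dash + 1, &endp, 10);
        if (*endp || n <= 0) return 0;
        start = n >= clen ? 0 : clen - n;
        end = clen - 1;
    } else {
        start = strtol(buf, &endp, 10);
        if (*endp || start < 0) return 0;
        if (dash[1] == '\0') end = clen - 1;    /* "a-": through end of body */
        else {
            end = strtol(dash + 1, &endp, 10);
            if (*endp || end < start) return 0;
            if (end > clen - 1) end = clen - 1;
        }
    }
    if (start >= clen) return 0;
    out->start = start; out->end = end;
    return 1;
}
static int cmp_start(const void *a, const void *b)
{
    const byterange_t *x = a, *y = b;
    return (x->start > y->start) - (x->start < y->start);
}

/* 1 = ignore Range and send the whole body as a 200; 0 = serve st->merged.
 * Fills st with the three counters the proposal compares against limits. */
int byterange_decide(const char *hdr, long clen, const range_limits_t *lim,
                     range_stats_t *st)
{
    byterange_t *r = st->merged;
    const char *p;
    int n = 0, w = 0, i;
    memset(st, 0, sizeof *st);
    if (strncmp(hdr, "bytes=", 6) != 0) return 1;   /* not a byte-range unit */
    p = hdr + 6;
    for (;;) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        if (parse_one(p, len, clen, &r[n]) && ++n == MAX_RANGES)
            return 1;                                /* absurd count: give up */
        if (!comma) break;
        p = comma + 1;
    }
    if (n == 0) return 1;   /* nothing satisfiable; a real filter would answer 416 */
    for (i = 1; i < n; i++)                 /* "descendent" ranges, in client order */
        if (r[i].start < r[i - 1].start) st->descending++;
    qsort(r, n, sizeof *r, cmp_start);
    for (i = 1; i < n; i++) {               /* in-place merge: w never passes i */
        if (r[i].start <= r[w].end + 1) {           /* overlapping or adjacent */
            if (r[i].end > r[w].end) r[w].end = r[i].end;
        } else {
            if (r[i].start - r[w].end - 1 < lim->small_gap_bytes) st->small_gaps++;
            r[++w] = r[i];
        }
    }
    st->nranges_out = w + 1;
    return st->nranges_out >= lim->max_ranges || st->small_gaps >= lim->max_small_gaps
        || st->descending >= lim->max_descending;
}

/* One-call wrappers using DEFAULT_LIMITS, so each counter is easy to check. */
int decide_default(const char *h, long c) { range_stats_t s; return byterange_decide(h, c, &DEFAULT_LIMITS, &s); }
int merged_count(const char *h, long c) { range_stats_t s; byterange_decide(h, c, &DEFAULT_LIMITS, &s); return s.nranges_out; }
int small_gap_count(const char *h, long c) { range_stats_t s; byterange_decide(h, c, &DEFAULT_LIMITS, &s); return s.small_gaps; }
int descending_count(const char *h, long c) { range_stats_t s; byterange_decide(h, c, &DEFAULT_LIMITS, &s); return s.descending; }
long merged_end(const char *h, long c, int i) { range_stats_t s; byterange_decide(h, c, &DEFAULT_LIMITS, &s); return i < s.nranges_out ? s.merged[i].end : -1; }
```

Two things the example shows on constructed headers that the prose does not: a header of the shape `bytes=0-,5-0,5-1,5-2,...` collapses to a single range once adjacent and overlapping ranges are merged, so the merge alone removes the per-range work for that pattern; and a client can still drive the small-gap counter with `bytes=0-10,20-30,40-50,...`, which is why the gap count is a separate trigger from the post-merge range total. A real filter would answer 416 rather than 200 when no range is satisfiable; the example folds that case into the 200 fallback.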
