On 01.05.2013 13:51, André Warnier wrote:
> There is so far one possible pitfall, which was identified by someone earlier
> on this list: the fact that delaying 404 responses might have a bad effect on
> some particular kind of usage by legitimate clients/users. So far, I believe
> that such an effect could be mitigated by the fact that this option could be
> turned off, by any webserver administrator with a modicum of knowledge
do you really not understand it?

anything which brings security risks and makes normal operations more fragile MUST NOT be the default behavior of a webserver, and YES, making DOS-attacks easier is treated as a security risk by any professional auditor

and there where i work "threat middle" means "fix it or shut down the customers project", and the last time i got this was by a not visible protection against Slowloris from the view of the security-scanner
__________________________________________

here you have something to read and learn that more and more attacks are done this way by exhausting resources without high bandwidth, and THESE are the real problems server-admins have to fight and not the noise you see on your small site

http://www.slashroot.in/slowloris-http-dosdenial-serviceattack-and-prevention