> Could a malicious user
> use such a feature to perform a DOS attack by hitting a file that is
> known to be large (logs etc.)? Two requests a minute could tie up one
> core.
I've tested a bit more and am finding this behaviour on both BSD and Ubuntu
under Apache 2.2 / PHP 5.2.
As a quick fix if this is confirmed, can I suggest adding a
RewriteCond to shindig/php/.htaccess:
RewriteCond %{QUERY_STRING} !(.*?file\:\/.*?)
Tim

