[7877] in bugtraq


Re: Web servers / possible DOS Attack / mime header flooding

daemon@ATHENA.MIT.EDU (Lars Eilebrecht)
Thu Sep 3 18:13:36 1998

Date: 	Fri, 4 Sep 1998 00:00:26 +0200
Reply-To: Lars Eilebrecht <lars@APACHE.ORG>
From: Lars Eilebrecht <lars@APACHE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199809031034.MAA03518@krusty.u-bordeaux.fr>

-----BEGIN PGP SIGNED MESSAGE-----

According to Laurent FACQ:

> # mimeflood.pl - 02/08/1998 - L.Facq (facq@u-bordeaux.fr)

This is generally a variant of the recently posted
Sioux DoS attack and if you have applied the patch
posted by Ben Laurie this 'mimeflood' script won't
harm your server in any way.

FYI, the next version of Apache will include the following new directives:

 - LimitRequestLine: limits the size of the request line
 - LimitRequestFields: limits the number of header lines
 - LimitRequestFieldsize: limits the size of each header line
 - LimitRequestBody: limits the size of the entity-body

Sensible default values are used if the directives are unset
which will prevent the server from being flooded with bogus requests...

[...]
> ##################################################
> #From Roy T. Fielding / Sep 2 '98 at 12:57 pm -420
> #
> #[...]
> #>
> #>       -> may be a limit on mime header number could be added.
> #
> #Such limits have already been added to 1.3.2-dev.
> #
> #.....Roy

Redistributing private email is considered to be very rude... or do you
have the permission from Roy to post his message?


Regards...
- --
Lars Eilebrecht
sfx@unix-ag.org
lars@apache.org


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1

iQCSAwUBNe8ReT6Pt/L4g0HZAQFw3gPmMDISBodr5OAVDWfVNLygwTbFIHm0vbGP
qJ+mDspBxFr39OJq+VwdNd32onHcJlcTWqAMhxQjSV4u4SlvzRPVD8U7X0QeCO4A
XjskKT+n72lw94VL6Q0tmpomzeQVh3wrasRe4H9z5injONyiS7avWwyNIN79FMT2
uH6QMzc=
=5cLS
-----END PGP SIGNATURE-----
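
Added example (not part of the original message and not Apache's code): a small Python model of the four limits named in the message, applied to constructed requests. The limit values, the `check_request` name and the status codes it returns are assumptions of this sketch.

```python
# Stand-alone model of the four request limits; not Apache source.
# A real server applies these bounds while reading from the socket, so an
# oversized request is refused before it is ever buffered in full.
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:                  # values are assumptions chosen for the example
    request_line: int = 8190   # cf. LimitRequestLine (bytes)
    fields: int = 100          # cf. LimitRequestFields (number of header lines)
    field_size: int = 8190     # cf. LimitRequestFieldsize (bytes per header line)
    body: int = 1_048_576      # cf. LimitRequestBody (bytes)

def check_request(raw: bytes, limits: Limits = Limits()):
    """Return (status, reason) for a raw HTTP/1.x request held in memory."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return 400, "incomplete header block"
    lines = head.split(b"\r\n")
    if len(lines[0]) > limits.request_line:
        return 414, "request line too long"
    headers = {}
    for count, line in enumerate(lines[1:], start=1):
        # Stop at the first bound that is crossed instead of parsing everything.
        if count > limits.fields:
            return 400, "too many header fields"
        if len(line) > limits.field_size:
            return 400, "header field too long"
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return 400, "malformed header"
        headers[name.strip().lower()] = value.strip()
    declared = headers.get(b"content-length", b"0")
    if not declared.isdigit():
        return 400, "bad Content-Length"
    # Check the declared size as well as the bytes actually present.
    if int(declared) > limits.body or len(body) > limits.body:
        return 413, "request body too large"
    return 200, "ok"

# Constructed samples (not captured traffic).
NORMAL = b"GET / HTTP/1.0\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n"
MANY_FIELDS = b"GET / HTTP/1.0\r\n" + b"X-Pad: a\r\n" * 500 + b"\r\n"
BIG_FIELD = b"GET / HTTP/1.0\r\nX-Pad: " + b"a" * 9000 + b"\r\n\r\n"
LONG_LINE = b"GET /" + b"a" * 9000 + b" HTTP/1.0\r\n\r\n"
BIG_BODY = b"POST / HTTP/1.0\r\nContent-Length: 2000000\r\n\r\n"

if __name__ == "__main__":
    for sample in (NORMAL, MANY_FIELDS, BIG_FIELD, LONG_LINE, BIG_BODY):
        print(check_request(sample))
```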
