- From: Yves Lafon <ylafon@w3.org>
- Date: Thu, 25 Mar 2010 19:34:37 -0400 (EDT)
- To: ietf-http-wg@w3.org
The proposal is to add the following text in section 7.
(Security Considerations) of Part 5 [1]
<<
7.1 Range Flooding
Range requests containing overlapping ranges may lead to the situation
where a server is sending far more data than the size of the complete
resource representation. This can generate Denial of Service attacks.
>>
There are multiple ways a server can reject (or ignore the Range: header)
such requests, so no advice is given on how to process it.
[1] http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-09#section-7
--
Baroula que barouleras, au tiéu toujou t'entourneras.
~~Yves
Received on Thursday, 25 March 2010 23:34:39 UTC