On 2/13/07, Nick Kew <[EMAIL PROTECTED]> wrote:
> On Tue, 13 Feb 2007 11:30:32 +0000
> "Ivan Ristic" <[EMAIL PROTECTED]> wrote:
> > No. If there's no C-L ModSecurity will count the bytes as they arrive.
> > If there are too many the entire response will be blocked with 500
> > (and the error page sent to the client).
> That's a tradeoff you make against performance.
Of course it's a tradeoff. Isn't everything?
> I would consider
> it unacceptable to buffer entire requests or responses at a proxy.
That depends entirely on the system's security requirements. Some people
require the screening/prevention functionality. Some people, such as
yourself, don't. It's for everyone to consider what they want, along
with the implications, and make their decisions accordingly.
> At best it's a big performance hit; at worst it's a DoS-magnet.
Don't be so dramatic :) Every single new feature added to a web server
is a performance hit and a DoS magnet. And yet there's plenty of sites
that moved on from static files! The ingredients matter but it's how
you build it that counts.
I have made it a point to document everything there is to know about
ModSecurity. It's what it is. I built it because it was fun and
because I could. People should make up their own minds. I am fine either
way.
> --
> Nick Kew
> Application Development with Apache - the Apache Modules Book
> http://www.apachetutor.org/
--
Ivan Ristic
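The counting behaviour described in the quoted exchange above (no Content-Length, so the proxy counts response bytes as they arrive and blocks once the configured limit is passed) as an added, self-contained Python example. This is not ModSecurity's code and not anything either poster wrote: the limit value, the chunked sample bodies, and the function names (`screen_body`, `decide`, `chunked`) are constructed for illustration. In ModSecurity the limit itself is set with SecResponseBodyLimit; the example only models the check.

```python
# Added example (not ModSecurity's code): the streaming body-size check
# described in the thread, with and without a Content-Length header.
# LIMIT and the chunked sample bodies below are constructed values.

LIMIT = 1024  # bytes; stands in for ModSecurity's SecResponseBodyLimit


class BodyLimitExceeded(Exception):
    """Body grew past the limit; `consumed` is the byte count seen so far."""

    def __init__(self, message, consumed):
        super().__init__(message)
        self.consumed = consumed


def screen_body(headers, chunks, limit=LIMIT):
    """Buffer a body for inspection while enforcing `limit`.

    `headers` is a dict of response headers, `chunks` an iterable of bytes
    objects as they arrive from the backend. Returns (body, bytes_consumed).
    Raises BodyLimitExceeded before reading anything if the declared
    Content-Length is too large, otherwise as soon as the running count
    passes the limit. Memory held for the body never exceeds `limit` bytes
    plus one chunk, so the worst case per connection is bounded.
    """
    declared = headers.get("Content-Length")
    if declared is not None and int(declared) > limit:
        # Fast path: the peer told us up front; reject before buffering.
        raise BodyLimitExceeded(f"declared {declared} > limit {limit}", 0)

    buf = bytearray()
    consumed = 0
    for chunk in chunks:
        consumed += len(chunk)
        if consumed > limit:
            # No C-L (or a lying one): the overrun is only found while counting.
            # ModSecurity returns a 500 error page here instead of the body.
            raise BodyLimitExceeded(f"received {consumed} > limit {limit}", consumed)
        buf += chunk
    return bytes(buf), consumed


def decide(headers, chunks, limit=LIMIT):
    """Return ("pass", n) or ("blocked", n); n is bytes read before deciding."""
    try:
        _, n = screen_body(headers, chunks, limit)
        return "pass", n
    except BodyLimitExceeded as exc:
        return "blocked", exc.consumed


def chunked(total, size):
    """Constructed backend body: `total` bytes delivered in `size`-byte pieces."""
    sent = 0
    while sent < total:
        n = min(size, total - sent)
        yield b"x" * n
        sent += n


if __name__ == "__main__":
    # Declared oversize: rejected with nothing buffered.
    print(decide({"Content-Length": "4096"}, chunked(4096, 512)))  # ('blocked', 0)
    # Undeclared, within limit: buffered in full and handed on for inspection.
    print(decide({}, chunked(1024, 512)))                           # ('pass', 1024)
    # Undeclared, oversize: counted as it arrives, blocked on the third chunk.
    print(decide({}, chunked(4096, 512)))                           # ('blocked', 1536)
```

The two paths make the tradeoff in the thread concrete: with a truthful Content-Length the reject is free, while without one (or with a wrong one) the proxy holds up to the limit per connection before it can decide, so the worst-case memory is roughly the limit multiplied by the number of concurrent connections. That product, not the feature itself, is what has to be sized when weighing the screening benefit against the DoS concern.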