On Fri, Dec 12, 2008 at 02:41:14PM -0600, William Rowe wrote: > jor...@apache.org wrote: > > Author: jorton > > Date: Fri Dec 12 12:20:40 2008 > > New Revision: 726109 > > > > URL: http://svn.apache.org/viewvc?rev=726109&view=rev > > Log: > > mod_ssl: Make the size of the per-dir-reneg request-body buffer > > configurable, by popular demand: > > Nice, now if we just grew apreq refactoring, we would gain request body > disk-based buffering ;-)
Disk buffering here sounds like it would be a DoS attack waiting to happen. > Question; if they present us the opportunity to present a 100 CONTINUE, > can we perform the handshake first? If so, should we just throw in one > of our sneeky little env flags to allow allow the user to cripple this > by client? The buffering was never done if r->expecting_100 is true; I've not tested that specific case but it should work already. Regards, Joe