> -----Original Message----- > From: Eric Covener > Sent: Donnerstag, 16. Juli 2009 16:13 > To: dev@httpd.apache.org > Subject: Re: mod_deflate DoS using HEAD > > On Wed, Jul 15, 2009 at 5:19 PM, Nick Kew<n...@webthing.com> wrote: > > William A. Rowe, Jr. wrote: > > > >> So +1 to the proposed patch; in fact, +1 on unsetting C-L > and treating > >> HEAD to the same processing as 304. > > > > +1. Since it's a SHOULD not a MUST, we can be pragmatic > > with the headers. > > > > That's back to Eric's original patch, isn't it? > > For a large static file, Ruedigers patch suppresses the C-L entirely > (it gets added back in down the chain for my patch, for static files > at least) which I thought would make that prefered, if we're confident > that we'll never do more than a zlib buffer worth of work the first > go-round.
Good point. So your patch would invalidate a cached entity if the response to a GET delivered a C-L header, since HEAD and GET would deliver different C-L headers. OTOH I think only very small or extremely compressable responses (whether static or not) would have a C-L in the response to a GET, because everything that exceeeds a zlib buffer would be delivered chunked anyway. Regards Rüdiger