* Plüm, Rüdiger, VF-Group: > As said this has *nothing* to do with mod_deflate. This was IMHO just > a guess by the original author of the tool.
This matches my testing, too. I see a significant peak in RAM usage on a server where "apachectl -M" does not print anything with the string "deflate" (so I assume that mod_deflate is not enabled). This is with 2.2.9-10+lenny9 on Debian. If it is more difficult to check if mod_deflate is enabled, the advisory should tell how to check your server. If the method I used is the correct one, I don't think it's reasonable to suggest disabling mod_deflate as a mitigation because it does not seem to make much of a difference. -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
