> -----Original Message----- > From: Jim Jagielski [mailto:j...@jagunet.com] > Sent: Mittwoch, 24. August 2011 17:48 > To: dev@httpd.apache.org > Subject: Re: DoS with mod_deflate & range requests > > > On Aug 24, 2011, at 4:05 AM, Plüm, Rüdiger, VF-Group wrote: > > > > > Patch looks good, but some comments: > > > > As far as I can see the following range request would not > get merged: > > > > Range: bytes=0-0,1-1,2-2 > > > > into a 0-2 range as need_sort would remain 0. OTOH > > > > Range: bytes=0-0,0-1,1-2 > > > > would get get merged into a 0-2 range. > > > > Using boundary and !boundary in the later if statements to > decide whether a request > > is multi range or single range is IMHO bad as boundary is > set based on the old number > > ranges and not based on the number of merged ranges. So > multiple ranges in the beginning > > might get merged to a single range in the end. > > +1... > > Suggestion: Let's fold the patch, as-is, into trunk, tune it there > and then backport to 2.x... >
Based on Roy's comment about the spec I think we cannot optimize this way. I think we can only detect if something weird goes on (overlapping, merging would result in smaller number of ranges, excessive number of ranges, whereas "excessive" needs to be configurable with a sane default) and reply with a 416 then. Regards Rüdiger