On Tue, 2017-06-13 at 11:41 +0300, Donatas Abraitis wrote: > I would like to propose this patchset allowing to set maximum TTL value for > incoming requests. This is not a usual use case, but I'm interested (maybe > others too) to have this in place. The real use case would be like this one > http://blog.donatas.net/blog/2017/04/20/http-request-validation/.
Thanks! I'm not sure I follow your exact scenario, but it looks like a modest enhancement at very low cost or risk! > TL;DR: if you want to deny requests bypassing proxy layer (in this case > Apache operates as a backend). Hence set TTLimit to 1 and Apache will be able > to handle requests coming almost from the local network, because packets with > TTL usually come from local networks. > > > I don't know which place is the right place to put patches, but > original patch is here: > https://bz.apache.org/bugzilla/show_bug.cgi?id=61179 > https://bz.apache.org/bugzilla/attachment.cgi?id=35048 That's exactly the right place. At first glance, patch looks interesting, and I'm minded to adopt (some version of) it for trunk. Though I think I'd default it to 0 (off) rather than your 255. Any other views? -- Nick Kew
