Hey Nick, it must be 0, not 255. I updated it in patch attached 👍
Sent from my iPhone > On 13 Jun 2017, at 13:52, Nick Kew <n...@apache.org> wrote: > >> On Tue, 2017-06-13 at 11:41 +0300, Donatas Abraitis wrote: >> >> I would like to propose this patchset allowing to set maximum TTL value for >> incoming requests. This is not a usual use case, but I'm interested (maybe >> others too) to have this in place. The real use case would be like this one >> http://blog.donatas.net/blog/2017/04/20/http-request-validation/. > > Thanks! I'm not sure I follow your exact scenario, but it > looks like a modest enhancement at very low cost or risk! > >> TL;DR: if you want to deny requests bypassing proxy layer (in this case >> Apache operates as a backend). Hence set TTLimit to 1 and Apache will be >> able to handle requests coming almost from the local network, because >> packets with TTL usually come from local networks. >> >> >> I don't know which place is the right place to put patches, but >> original patch is here: >> https://bz.apache.org/bugzilla/show_bug.cgi?id=61179 >> https://bz.apache.org/bugzilla/attachment.cgi?id=35048 > > That's exactly the right place. > > At first glance, patch looks interesting, and I'm minded to > adopt (some version of) it for trunk. Though I think I'd > default it to 0 (off) rather than your 255. Any other views? > > -- > Nick Kew > >