Hi Jonathan,

On Wed, Mar 07, 2012 at 02:40:20PM +0000, Jonathan Matthews wrote:
> Hi all -
> 
> It seems to me that there's a trivial DoS available whenever "observe
> layer7" is enabled if, as I'm imagining, the set of acceptable
> response codes for "observe layer7" is derived from those configured
> for the "httpchk".

No it's not. I've just checked in the code and we were careful to only
use the error statuses that a client cannot trigger :

   - < 100
   - >= 500 except 501 and 505

I've just updated the doc to reflect this.

So you can safely use "observe layer7" without risking that a user puts
your servers down or forces them to receive storms of health checks.

Regards,
Willy
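
The status rule from the reply above, as an added example (not HAProxy's code and not part of the original message). It models a consecutive-error counter over constructed response sequences; the threshold of 10 and the reset-on-success behaviour are assumptions made for the illustration.

```python
# Added example: model of the "observe layer7" status rule described above.
# ERROR_LIMIT, the reset-on-success behaviour and all traffic samples are
# assumptions constructed for illustration.

ERROR_LIMIT = 10  # assumed consecutive-error threshold


def counts_as_server_error(status: int) -> bool:
    """Rule from the reply: < 100, or >= 500 except 501 and 505."""
    return status < 100 or (status >= 500 and status not in (501, 505))


def first_trip(statuses, limit=ERROR_LIMIT):
    """Return the index of the response that reaches `limit` consecutive
    errors, or None if the threshold is never reached."""
    consecutive = 0
    for i, status in enumerate(statuses):
        if counts_as_server_error(status):
            consecutive += 1
            if consecutive >= limit:
                return i
        else:
            consecutive = 0  # a non-error response resets the streak
    return None


# Constructed: statuses a client can provoke on demand with crafted requests.
client_driven = [404, 400, 403, 501, 505, 405, 413, 414] * 25
# Constructed: a backend that starts failing after five good responses.
failing_backend = [200] * 5 + [503, 502, 500, 504] * 5
# Constructed: errors interleaved with successes never build a streak.
flaky_backend = [503, 200] * 50

if __name__ == "__main__":
    samples = [
        ("client_driven", client_driven),
        ("failing_backend", failing_backend),
        ("flaky_backend", flaky_backend),
    ]
    for name, sample in samples:
        print(f"{name}: threshold reached at index {first_trip(sample)}")
```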

