What's a client? For instance, if it's truly an attack, it would be
trivial to spoof IP addresses. And with entire corporations behind
NAT firewalls, simply setting the number of sessions per IP addresses
to a `small' number would not work.
Or, are you saying, don't initiate a session until
Scott Christley typed the following on 10:54 AM 1/17/2001 -0800
I must apologize first by saying that I originally found this bug with
Jserv not Tomcat, but those of you who are familiar with Tomcat
internals can probably tell fairly quickly if this would still be an
issue.
It could potentially
