W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2008

Re: Overlapping ranges

From: Yves Lafon <ylafon@w3.org>
Date: Mon, 13 Oct 2008 08:12:18 -0400 (EDT)
To: Stefanos Harhalakis <v13@v13.gr>
cc: Julian Reschke <julian.reschke@gmx.de>, ietf-http-wg@w3.org
Message-ID: <Pine.LNX.4.64.0810130757240.2681@ubzre.j3.bet>

On Sun, 12 Oct 2008, Stefanos Harhalakis wrote:

>> I agree that this is a nice DOS scenario, but wouldn't it be possible to
>> do the same just with a bunch of concurrent, repeating GET requests on
>> the same URI?
>
> Indeed, repeated GET requests will have the same result but they will be a bit
> less robust. For every repeated request that the client side transmits there
> is a (not so small) possibility of the request being lost. If this problem is
> of size X then it is practically multiplied by the number of repeated ranges
> that the client side may request.

Some servers are limiting the number of requests per connections (in 
pipelining mode or not), others try to detect abuse on the whole server, 
both are counter-measures not present in the HTTP RFC but part of 
implementation experience.

In the same vein, refusing overlapping range request that would be bigger 
than exporting the whole document (and serving the document instead) seems 
to be a sane implementation choice, but the spec shouldn't cover all those 
corner cases, IMHO.

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves
Received on Monday, 13 October 2008 12:12:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:56 GMT