W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2010

proposal for issue #175 range flooding

From: Yves Lafon <ylafon@w3.org>
Date: Thu, 25 Mar 2010 19:34:37 -0400 (EDT)
To: ietf-http-wg@w3.org
Message-ID: <alpine.DEB.1.10.1003251902390.28075@wnl.j3.bet>
The proposal is to add the following text in section 7.
(Security Considerations) of Part 5 [1]
<<
7.1 Range Flooding

  Range requests containing overlapping ranges may lead to the situation
  where a server is sending far more data than the size of the complete
  resource representation. This can generate Denial of Service attacks.
>>
There are multiple ways a server can reject (or ignore the Range: header) 
such requests, so no advice is given on how to process it.

[1] http://tools.ietf.org/html/draft-ietf-httpbis-p5-range-09#section-7

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves
Received on Thursday, 25 March 2010 23:34:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:17 GMT