W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: FYI... Binary Optimized Header Encoding for SPDY

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Sun, 05 Aug 2012 12:31:55 +0000
To: Amos Jeffries <squid3@treenet.co.nz>
cc: ietf-http-wg@w3.org
Message-ID: <15811.1344169915@critter.freebsd.dk>
In message <501E5A69.5000802@treenet.co.nz>, Amos Jeffries writes:

>Only if you try to cache along the assumed filesystem hierarchy implicit 
>in URLs. Using the absolute URL as an opaque hash key (as Squid does) 
>instead of reading any meaning in its syntax avoids all these issues 
>completely.

But opens you up to DoS attacks along the lines of:

	GET /ABCDEF.html
	GET /%41BCDEF.html
	GET /A%42CDEF.html
	...

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Sunday, 5 August 2012 12:32:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 5 August 2012 12:32:41 GMT