Re: Re[4]: HTTP2 Expression of Interest : Squid

In message <emc7be1028-2d4d-4336-b386-fbf9464e9559@reboist>, "Adrien de Croy" writes:

>I agree, and actually I'd be keen to apply this philosophy in both
>directions, where no significant resource is transmitted in either
>direction without the recipient indicating prior willingness (either by
>requesting it, or indicating willingness).  What I'm getting at here is
>large POST / PUT requests.  Currently it's a mess esp with auth in the
>mix.

Assuming HTTP/2.0 gets good mux/pipe-lining, I would like to propose
a default limit of max one connection from each client to each server,
until the server transmits a permission to open multiple parallel
connections.

This would take serious steam out of DoS attacks, without affecting
legitimate users.

A similar approach could be used for request body size:  A default
hard limit of X bytes, until the server gives you permission for more.

I know of no web services where you send a 4GB POST point blank, and
certainly none where doing an initial "HEAD /" would be an unbearable
cost.

This would also seriously disarm the DoS bots.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 17 July 2012 10:49:26 UTC
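The server-side admission policy sketched in the message above, as an added illustration that is not code from the thread or from any HTTP/2 implementation: every client starts with an allowance of one connection and a small request-body cap, and both allowances only grow when the server explicitly grants more. The default body cap of 64 KiB, the `AdmissionPolicy` class, and keying clients by an address string are assumptions made for the example; the message leaves the "X bytes" default open.

```python
"""Default-deny admission model for connections and request bodies.

Constructed example: clients get one connection and a small body cap by
default; the server raises either limit per client with an explicit grant.
"""
from dataclasses import dataclass

DEFAULT_MAX_CONNECTIONS = 1            # one connection per client until granted more
DEFAULT_MAX_BODY_BYTES = 64 * 1024     # assumed value for the message's "X bytes"


@dataclass
class ClientState:
    open_connections: int = 0
    max_connections: int = DEFAULT_MAX_CONNECTIONS
    max_body_bytes: int = DEFAULT_MAX_BODY_BYTES


class AdmissionPolicy:
    """Tracks per-client allowances; hypothetical class, not a library API."""

    def __init__(self) -> None:
        self._clients: dict[str, ClientState] = {}

    def _state(self, client: str) -> ClientState:
        return self._clients.setdefault(client, ClientState())

    def admit_connection(self, client: str) -> bool:
        """Accept a new connection only while the client is under its allowance."""
        st = self._state(client)
        if st.open_connections >= st.max_connections:
            return False
        st.open_connections += 1
        return True

    def release_connection(self, client: str) -> None:
        """Called when a connection closes so the slot can be reused."""
        st = self._state(client)
        if st.open_connections > 0:
            st.open_connections -= 1

    def grant_parallel(self, client: str, n: int) -> None:
        """Server-issued permission to hold up to n parallel connections."""
        if n < 1:
            raise ValueError("allowance must be at least one connection")
        self._state(client).max_connections = n

    def grant_body(self, client: str, nbytes: int) -> None:
        """Server-issued permission to send request bodies up to nbytes."""
        if nbytes < 0:
            raise ValueError("body allowance cannot be negative")
        self._state(client).max_body_bytes = nbytes

    def admit_request(self, client: str, content_length: int) -> bool:
        """Reject a request body larger than the client's current allowance."""
        return content_length <= self._state(client).max_body_bytes


def simulate_burst(policy: AdmissionPolicy, client: str, attempts: int) -> int:
    """Count how many of `attempts` connection attempts the policy admits."""
    return sum(1 for _ in range(attempts) if policy.admit_connection(client))


def demo() -> tuple:
    """Walk through the policy: burst before/after a grant, big POST before/after."""
    policy = AdmissionPolicy()
    client = "198.51.100.7"                      # constructed documentation address

    admitted_before = simulate_burst(policy, client, 100)      # only 1 of 100 gets in
    policy.grant_parallel(client, 6)
    admitted_after = simulate_burst(policy, client, 100)       # 5 more (one already open)

    four_gib = 4 * 2 ** 30
    big_post_before = policy.admit_request(client, four_gib)   # refused under default cap
    policy.grant_body(client, 8 * 2 ** 30)
    big_post_after = policy.admit_request(client, four_gib)    # allowed after grant

    other_client_admitted = simulate_burst(policy, "203.0.113.9", 3)  # separate allowance
    return admitted_before, admitted_after, big_post_before, big_post_after, other_client_admitted


if __name__ == "__main__":
    print(demo())
```

The interesting property is in `simulate_burst`: a flood of connection attempts from one source collapses to a single admitted connection unless the server has chosen to extend that client's allowance, while a different client keeps its own independent default.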