You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Jon Travis <jt...@covalent.net> on 2001/09/25 05:30:44 UTC

DoS on POSTS

It seems that there is a possibility for DoS on Apache servers
when doing a POST.  On search.apache.org, I can send the following
request:

PUT / HTTP/1.1
Host: search.apache.org:80
Content-Length: 1000
<newline here>

And just let it sit there forever.  search.apache.org is running 2.0.24,
and I'm running out of CVS and seeing the same behaviour.  Seems bogus to me.

-- Jon