On Friday 13 June 2003 13:23, you wrote:
On Fri, Jun 13, 2003 at 01:15:13AM -0700, Jamie Heilman wrote:
Zope requires a proxy server which can place limits request length for secure operation. If pound doesn't provide them, then pound is not suitable where secure operation is required.
Hmm,
the pound readme claims that it assures only "well formed" requests get passed to Zope... don't know if there's a limit, but it seems the authors thought of just that.
Regards,
uwe
To set everybody's mind to rest: Pound does set a limit (albeit large - by default almost 16K) on the size of a request. In addition only "correctly formed" requests (as per RFC) are passed to the back-end servers. In practice this means that Pound routinely rejects (for example) Nimda-style requests - see the log files for "Bad request" messages. Clarification: "request size" means the size of the request _string_, not the total size of an HTTP request. There is no limit on the total size of the _data_ (in a POST request, for example) that a client can send to a server. -- Robert Segall Apsis GmbH Postfach, Uetikon am See, CH-8707 Tel: +41-1-920 4904