On Friday 13 June 2003 12:33, Robert Segall wrote:
To set everybody's mind to rest: Pound does set a limit (albeit large - by default almost 16K) on the size of a request. In addition only "correctly formed" requests (as per RFC) are passed to the back-end servers.
In practice this means that Pound routinely rejects (for example) Nimda-style requests - see the log files for "Bad request" messages.
Clarification: "request size" means the size of the request _string_, not the total size of an HTTP request. There is no limit on the total size of the _data_ (in a POST request, for example) that a client can send to a server.
Squid also has a configurable limit on the size of the request body, and the size of request headers. I think both of these offer valuable protection. -- Toby Dickenson http://www.geminidataloggers.com/people/tdickenson