Using Zope 2.5.1 and Python 2.1.1, I do not see a server lockup but I do see an exception printed to the console. 2002-05-21T21:43:16 ERROR(200) ZServer Server Error: exceptions.TypeError, cannot add type "None" to string: file: /home/creiman/zope/ZopeCVS/Zope/ZServer/HTTPServer.py line: 181 The response is an HTTP 500 internal server error. I find this worrisome but the server does not crash. I'm only mentioning this because no one else reported such an exception. FWIW, HTTPServer.py: line 181 is accessing request.version (and there is no check to see if the attribute is None). Just for grins, I then repeated the request about 20 times to see if it might be killing threads. The server repeats the above behavior but is still running fine. The server should handle this more gracefully. Most likely by trapping the missing version earlier and responding with a malformed request error.
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of John Adams Sent: Tuesday, May 21, 2002 2:30 PM To: zope@zope.org Subject: Re: [Zope] Easy Zope DoS ?
On Tue, 21 May 2002, Thomas B. Passin wrote:
[John Adams]
It seems that if I've started the zope server from the command line, and then telnet to the port it's running on (8080) and issue a malformed HTTP request, I can kill the server. Does anyone else experience this? [...] The server goes down for the count after this.
Let me add a few notes here so I don't cause a panic. I'm on Zope 2.5.0 with python 2.1.1 (SunOS 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-250.) Non-CVS checkout -- this is a release I downloaded from zope.com.
This problem doesn't happen on an immediate restart of zope, so it's certainly not an Easy DoS as I may have indicated. It happens once the server's been up for awhile (but time to failure is unknown.) I just restarted my server and now I can't reproduce the issue.
I see quite a few people on higher versions of Zope, and I should probably upgrade, but I'd like to know if anyone sees random Zope daemon failure that is similar to what I'm experiencing.
-john
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )