On Friday 13 June 2003 23:11, you wrote:
Robert Segall wrote:
On Fri, Jun 13, 2003 at 01:15:13AM -0700, Jamie Heilman wrote:
Zope requires a proxy server which can place limits on request length for secure operation. If pound doesn't provide them, then pound is not suitable where secure operation is required.
To set everybody's mind to rest: Pound does set a limit (albeit large - by default almost 16K) on the size of a request. In addition only "correctly formed" requests (as per RFC) are passed to the back-end servers.
In practice this means that Pound routinely rejects (for example) Nimda-style requests - see the log files for "Bad request" messages.
Clarification: "request size" means the size of the request _string_, not the total size of an HTTP request. There is no limit on the total size of the _data_ (in a POST request, for example) that a client can send to a server.
No, no, request size means the whole request; I'm the one who used that term, and that's what I meant. Request header length limits are all well and good, and as of 2.6 Zope even has some of its own: http://collector.zope.org/Zope/606 Nevertheless header limits are not sufficient by themselves, body length limits are requisite for reliable operation. ZServer will read an entire POST request into memory, so without a protective proxy it is trivial for a client to run the Zope process into the rlimit or worse. If Pound does not provide this protection then Pound is not suitable where secure (read as: reliable) operation is required.
Thanks for the clarification. That kind of limit is scheduled for the next official release of Pound - feel free to download http://www.apsis.ch/pound/Pound-current.tgz if you want to give it a try. I'd greatly appreciate your feedback on it.

--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-1-920 4904
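The distinction the thread turns on (a cap on the request line and headers versus a cap on the body) can be shown as a front-end check that refuses an oversized request before any of its body is buffered. This is an added example, not code from Pound, Zope or any poster in the thread; `screen_request`, the 1 MiB body cap and the sample requests are assumptions, and the 16K header cap only mirrors the default mentioned above.

```python
import io

MAX_HEADER_BYTES = 16 * 1024   # assumed cap on request line + headers
MAX_BODY_BYTES = 1024 * 1024   # assumed cap on the request body


def screen_request(stream, max_header=MAX_HEADER_BYTES, max_body=MAX_BODY_BYTES):
    """Read one HTTP request from a binary stream and return (status, body).

    200 means the request may be passed to the back end; any other status
    means it was refused without buffering a body beyond the limits.
    """
    head = b""
    while not head.endswith(b"\r\n\r\n"):
        # Never read more than one byte past the header budget.
        line = stream.readline(max_header - len(head) + 1)
        head += line
        if not line:
            return 400, b""                 # stream ended inside the headers
        if len(head) > max_header:
            return 431, b""                 # header section too large
    headers = {}
    for raw in head.split(b"\r\n")[1:-2]:   # skip request line and blank tail
        name, sep, value = raw.partition(b":")
        if not sep:
            return 400, b""
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    if b"transfer-encoding" in headers:
        return 501, b""                     # chunked bodies not handled here
    lengths = set(headers.get(b"content-length", [b"0"]))
    if len(lengths) != 1:
        return 400, b""                     # conflicting Content-Length values
    value = lengths.pop()
    if not value.isdigit() or len(value) > 18:
        return 400, b""
    length = int(value)
    if length > max_body:
        return 413, b""                     # refused on the declared size alone
    body = stream.read(length)              # bounded read, never "until EOF"
    return (200, body) if len(body) == length else (400, b"")


# Constructed sample requests (not captured traffic).
SMALL_POST = b"POST /x HTTP/1.1\r\nHost: zope.example\r\nContent-Length: 5\r\n\r\nhello"
HUGE_POST = b"POST /x HTTP/1.1\r\nHost: zope.example\r\nContent-Length: 10485760\r\n\r\nAAAA"

if __name__ == "__main__":
    for name, req in (("small", SMALL_POST), ("huge", HUGE_POST)):
        print(name, screen_request(io.BytesIO(req))[0])
```

`HUGE_POST` passes a header-only limit because its headers are tiny; only the body check turns it away.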