Looking through my Undo list, I found several transactions that look like:
/ir/wa/ad_neorx.htm/HEAD by Anonymous User
I fired up the browser and navigated to a page and then appended /HEAD at the end and after a while, I got a blank page back. I checked the history for the file and found a new transaction. I ran a diff on the current version and the prior one. No changes.
So what the heck is HEAD and why does it create a transaction?
Given my recent problem with runaway transactions, doesn't this represent a potential DOS vulnerability? You could keep pounding a server with /HEAD (give a server head?) and eventually fill up the hard drive.
Howard Hansen
http://zopenotes.com
Howard Hansen wrote:
Looking through my Undo list, I found several transactions that look like:
/ir/wa/ad_neorx.htm/HEAD by Anonymous User
I fired up the browser and navigated to a page and then appended /HEAD at the end and after a while, I got a blank page back. I checked the history for the file and found a new transaction.
It's already fixed in current releases: http://collector.zope.org/Zope/574
-mj
participants (2): Howard Hansen, Maik Jablonski