[Zope] Zope Best Possible Installation
Robert Segall
roseg@apsis.ch
Fri, 13 Jun 2003 13:33:03 +0200
On Friday 13 June 2003 13:23, you wrote:
> On Fri, Jun 13, 2003 at 01:15:13AM -0700, Jamie Heilman wrote:
> > Zope requires a proxy server which can place limits request length for
> > secure operation. If pound doesn't provide them, then pound is not
> > suitable where secure operation is required.
>
> Hmm,
>
> the pound readme claims that it assures only "well formed" requests
> get passed to Zope... don't know if there's a limit, but it seems the
> authors thought of just that.
>
> Regards,
>
> uwe
To set everybody's mind to rest: Pound does set a limit (albeit large - by
default almost 16K) on the size of a request. In addition only "correctly
formed" requests (as per RFC) are passed to the back-end servers.
In practice this means that Pound routinely rejects (for example) Nimda-style
requests - see the log files for "Bad request" messages.
Clarification: "request size" means the size of the request _string_, not the
total size of an HTTP request. There is no limit on the total size of the
_data_ (in a POST request, for example) that a client can send to a server.
--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-1-920 4904