[Zope] Zope Best Possible Installation

Robert Segall roseg@apsis.ch
Fri, 13 Jun 2003 13:33:03 +0200


On Friday 13 June 2003 13:23, you wrote:
> On Fri, Jun 13, 2003 at 01:15:13AM -0700, Jamie Heilman wrote:
> > Zope requires a proxy server which can place limits on request length for
> > secure operation.  If pound doesn't provide them, then pound is not
> > suitable where secure operation is required.
>
> Hmm,
>
> the pound readme claims that it assures only "well formed" requests
> get passed to Zope... don't know if there's a limit, but it seems the
> authors thought of just that.
>
> Regards,
>
> uwe

To set everybody's mind to rest: Pound does set a limit (albeit large - by 
default almost 16K) on the size of a request. In addition only "correctly 
formed" requests (as per RFC) are passed to the back-end servers.

In practice this means that Pound routinely rejects (for example) Nimda-style 
requests - see the log files for "Bad request" messages.

Clarification: "request size" means the size of the request _string_, not the 
total size of an HTTP request. There is no limit on the total size of the 
_data_ (in a POST request, for example) that a client can send to a server.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-1-920 4904
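
The distinction drawn in the message above (a cap on the request string, no cap on the POST data), as an added example that is not Pound's code and not from the original post. The limits, the separate body cap and the function name `check_request` are assumptions chosen for illustration.

```python
import re

# Assumed for illustration: the post only says the default is "almost 16K".
MAX_REQUEST_LINE = 16 * 1024
# Hypothetical body cap; per the post, Pound itself does not limit body size.
MAX_BODY = 1024 * 1024

# Request-Line shape: Method SP Request-URI SP HTTP-Version
REQUEST_LINE = re.compile(
    rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+ [\x21-\x7e]+ HTTP/\d\.\d"
)


def check_request(raw: bytes) -> str:
    """Return 'ok' or the reason a front end would reject this request."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "incomplete header block"
    lines = head.split(b"\r\n")
    request_line = lines[0]
    # Limit 1: size of the request string only.
    if len(request_line) > MAX_REQUEST_LINE:
        return "request line too long"
    # Limit 2: only a correctly formed request line is passed on.
    if not REQUEST_LINE.fullmatch(request_line):
        return "malformed request line"
    # The two checks above say nothing about the body, so the declared
    # body length has to be checked separately if the back end needs it.
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name:
            return "malformed header"
        if name.lower() == b"content-length":
            value = value.strip()
            if not value.isdigit():
                return "malformed Content-Length"
            if int(value) > MAX_BODY:
                return "body too large"
    return "ok"


# Constructed sample requests (not captured traffic).
GOOD = b"GET /index_html HTTP/1.1\r\nHost: example.test\r\n\r\n"
LONG_LINE = b"GET /" + b"A" * 20000 + b" HTTP/1.1\r\nHost: example.test\r\n\r\n"
BAD_LINE = b"GET /a b HTTP/1.1\r\nHost: example.test\r\n\r\n"
BIG_POST = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 50000000\r\n\r\n")
```

`BIG_POST` has a short, well-formed request line, so it passes the first two checks and is stopped only by the separate body cap.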