[Zope] Zope Best Possible Installation
Toby Dickenson
tdickenson@geminidataloggers.com
Fri, 13 Jun 2003 12:49:52 +0100
On Friday 13 June 2003 12:33, Robert Segall wrote:
> To set everybody's mind to rest: Pound does set a limit (albeit large - by
> default almost 16K) on the size of a request. In addition only "correctly
> formed" requests (as per RFC) are passed to the back-end servers.
>
> In practice this means that Pound routinely rejects (for example)
> Nimda-style requests - see the log files for "Bad request" messages.
>
> Clarification: "request size" means the size of the request _string_, not
> the total size of an HTTP request. There is no limit on the total size of
> the _data_ (in a POST request, for example) that a client can send to a
> server.
Squid also has a configurable limit on the size of the request body, and the
size of request headers. I think both of these offer valuable protection.
--
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson