[Zope] Zope Best Possible Installation
Jamie Heilman
jamie@audible.transient.net
Fri, 13 Jun 2003 14:11:43 -0700
Robert Segall wrote:
> > On Fri, Jun 13, 2003 at 01:15:13AM -0700, Jamie Heilman wrote:
> > > Zope requires a proxy server which can place limits request length for
> > > secure operation. If pound doesn't provide them, then pound is not
> > > suitable where secure operation is required.
>
> To set everybody's mind to rest: Pound does set a limit (albeit large - by
> default almost 16K) on the size of a request. In addition only "correctly
> formed" requests (as per RFC) are passed to the back-end servers.
>
> In practice this means that Pound routinely rejects (for example) Nimda-style
> requests - see the log files for "Bad request" messages.
>
> Clarification: "request size" means the size of the request _string_, not the
> total size of an HTTP request. There is no limit on the total size of the
> _data_ (in a POST request, for example) that a client can send to a server.
No, no, request size means the whole request, I'm the one who used
that term, and thats what I ment. Request header length limits are
all well and good, and as of 2.6 Zope even has some of its own:
http://collector.zope.org/Zope/606 Nevertheless header limits are not
sufficient by themselves, body length limits are requisite for
reliable operation. ZServer will read an entire POST request into
memory, so without a protective proxy it is trivial for a client to
run the Zope process into the rlimit or worse. If Pound does not
provide this protection then Pound is not suitable where secure (read
as: reliable) operation is required.
--
Jamie Heilman http://audible.transient.net/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass."
-Frank Zappa