Re: [mod-security-users] core rules
Brought to you by:
victorhora,
zimmerletw
From: <chr...@po...> - 2008-07-14 06:43:10
|
Hya, I think Brian nailed it down and you got the right conclusions. However, there is a tiny detail which I think is still missing. It's fairly easy to send an incomplete HTTP header to a server. I am not a network guy at all, but I assume the server would have to send the ACK to this package without knowing the remaining header lines. Or is it technically possible to keep the ACK back until the remaining package(s) have arrived? Otherwise I do not believe you can keep the existence of a webserver secret. regs, Christian |