From: Rodney H. <ro...@ac...> - 2001-08-10 20:30:58
|
On Fri, 10 Aug 2001, Xiaowu Gai wrote: > Hi Rod: > > Yes, I am using 2.0. Sorry I forgot to mention this. I actually noticed > that the default httpd.conf does not have an entry like LimitQuestBody, > which is added in slash.conf, though. Is there any reason why slash does > this. I placed my script in the original apache cgi-bin and it worked fine > for read and returning smaller files, but failed when I tried with a big > file. That is how I noticed the LimitRequestBody thing. I commented out the > entry in the slash.conf file and it worked just fine. I am bit nervous, > though, since I knows slash must do this for a reason. > > Again, thank you for your help. > Xiaowu, Yeah, that was exactly the same behavior that we saw. As for why slash sets it? I haven't asked CmdrTaco, et al, but I suspect they set it because leaving that max request open is a nice recipe for a denial of service attack. Think of it this way, if there is no limit, then someone could just start sending *huge* requests to your server that would eventually cause it to crash. On my setup, I just kind of took an educated guess at what I thought the max file size would be, based on the type of files we were accepting, and then set the LimitRequestBody slightly higher than my expectations. It's worked pretty well so far... -Rod Heyd -- _________________________________________________________________ |Rodney S. Heyd |Arizona State University-1504 | |Web and System Administrator |Dept. of Physics and Astronomy | |ECEPT,ACEPT |Tempe, Arizona 85287-1504 | |he...@as... |PHONE: (480) 727-6291 | |http://www.ecept.net/ |FAX: (480) 727-6019 | |http://acept.asu.edu/ | | ------------------------------------------------------------------ |