Net::HTTP transfer limit

Discussion in 'Ruby' started by Seth Morabito, Nov 19, 2005.

  1. ------=_Part_17074_33322032.1132438624133
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
    Content-Disposition: inline

    I've done some searching through the archives, but so far I haven't found a=
    n
    answer to this question.

    I have an application that allows users to request arbitrary URLs. The
    underlying mechanism uses Net::HTTP.get() to fetch the object at the URL an=
    d
    attempts to parse it as an XML document.

    That all works fine, but it leaves open a fairly trivial DoS attack -- a
    user can create a CGI that spews back content continuously, for example. To
    lessen this potential, I would really like to specify a byte limit for the
    GET, i.e., "Stop reading and close the socket if you have read more than
    1MB". HTTP 'Range' doesn't seem like an option, because there's no reason t=
    o
    expect a malicious server to respect it in the request.

    Does anyone have any ideas, or pointers?

    Thanks,

    -Seth

    ------=_Part_17074_33322032.1132438624133--
     
    Seth Morabito, Nov 19, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Max
    Replies:
    5
    Views:
    1,359
    Esmond Pitt
    Feb 29, 2004
  2. news.amnet.net.au
    Replies:
    1
    Views:
    938
    Sudsy
    Sep 15, 2004
  3. Replies:
    1
    Views:
    1,097
    Victor Bazarov
    Jun 28, 2005
  4. Jim
    Replies:
    1
    Views:
    944
    Aaron Bertrand - MVP
    Jan 28, 2004
  5. Meihua Liang

    Net::http.get has a 50K limit?

    Meihua Liang, Jan 30, 2004, in forum: Ruby
    Replies:
    5
    Views:
    131
    Daniel Lichtenberger
    Jan 31, 2004
Loading...

Share This Page