Net::HTTP transfer limit

Discussion in 'Ruby' started by Seth Morabito, Nov 19, 2005.

  1. ------=_Part_17074_33322032.1132438624133
    Content-Type: text/plain; charset=ISO-8859-1
    Content-Transfer-Encoding: quoted-printable
    Content-Disposition: inline

    I've done some searching through the archives, but so far I haven't found a=
    n
    answer to this question.

    I have an application that allows users to request arbitrary URLs. The
    underlying mechanism uses Net::HTTP.get() to fetch the object at the URL an=
    d
    attempts to parse it as an XML document.

    That all works fine, but it leaves open a fairly trivial DoS attack -- a
    user can create a CGI that spews back content continuously, for example. To
    lessen this potential, I would really like to specify a byte limit for the
    GET, i.e., "Stop reading and close the socket if you have read more than
    1MB". HTTP 'Range' doesn't seem like an option, because there's no reason t=
    o
    expect a malicious server to respect it in the request.

    Does anyone have any ideas, or pointers?

    Thanks,

    -Seth

    ------=_Part_17074_33322032.1132438624133--
     
    Seth Morabito, Nov 19, 2005
    #1
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Max
    Replies:
    5
    Views:
    1,664
    Esmond Pitt
    Feb 29, 2004
  2. news.amnet.net.au
    Replies:
    1
    Views:
    1,133
    Sudsy
    Sep 15, 2004
  3. darrel
    Replies:
    3
    Views:
    589
    Juan T. Llibre
    Apr 22, 2006
  4. Replies:
    1
    Views:
    1,383
    Victor Bazarov
    Jun 28, 2005
  5. Scott

    WebService To WebService HTTP Connection Limit

    Scott, Jan 31, 2006, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    803
    Scott
    Feb 1, 2006
  6. Jim
    Replies:
    1
    Views:
    1,339
    Aaron Bertrand - MVP
    Jan 28, 2004
  7. Meihua Liang

    Net::http.get has a 50K limit?

    Meihua Liang, Jan 30, 2004, in forum: Ruby
    Replies:
    5
    Views:
    191
    Daniel Lichtenberger
    Jan 31, 2004
  8. Roedy Green

    HTTP thread limit

    Roedy Green, Jan 10, 2013, in forum: Java
    Replies:
    3
    Views:
    291
    Roedy Green
    Jan 10, 2013
Loading...