[Zope-Checkins] CVS: Zope/lib/python/ZServer - HTTPServer.py:1.49

Paul Winkler pw_lists at slinkp.com
Thu Apr 29 18:30:22 EDT 2004


Update of /cvs-repository/Zope/lib/python/ZServer
In directory cvs.zope.org:/tmp/cvs-serv5368/ZServer

Modified Files:
	HTTPServer.py 
Log Message:

Added a comment retroactively declaring bug #1003 to be a feature.



=== Zope/lib/python/ZServer/HTTPServer.py 1.48 => 1.49 ===
--- Zope/lib/python/ZServer/HTTPServer.py:1.48	Sun Dec 14 22:11:25 2003
+++ Zope/lib/python/ZServer/HTTPServer.py	Thu Apr 29 18:30:21 2004
@@ -365,6 +365,13 @@
                 # we are receiving header (request) data
             self.in_buffer = self.in_buffer + data
             if len(self.in_buffer) > self.max_header_len:
+                # Don't bother with a proper response header,
+                # we are probably under attack and that would just consume 
+                # precious resources.
+                # Instead, just bail out and leave the nasty client hanging.
+                # Hanging's too good for them!
+                # Unfortunate side effect: the attack gets logged to the
+                # event log, but not the access log.
                 raise ValueError('HTTP headers invalid (too long)')
 
 class zhttp_server(http_server):




More information about the Zope-Checkins mailing list