Project

General

Profile

Bug #3540

plain HTML sessions limit bug

Added by Boris Nagaev almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
08/22/2014
Due date:
% Done:

0%

Estimated time:

Description

src/web/WebController.C:

return plainHtmlSessions_ > conf*.maxPlainSessionsRatio() * ajaxSessions*;

should be

return plainHtmlSessions_ > conf*.maxPlainSessionsRatio() * (ajaxSessions* + plainHtmlSessions_);

Currently, even if plain-ajax-sessions-ratio-limit=1, running 20 Ajax + 20 HTML sessions, new HTML sessions are discarded as DDoS.

#1

Updated by Koen Deforche over 7 years ago

  • Status changed from New to Resolved
  • Assignee set to Koen Deforche
  • Target version set to 3.3.4
#2

Updated by Koen Deforche over 7 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF