Project

General

Profile

Bug #3540

plain HTML sessions limit bug

Added by Boris Nagaev almost 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
08/22/2014
Due date:
% Done:

0%

Estimated time:

Description

src/web/WebController.C:

return plainHtmlSessions_ > conf*.maxPlainSessionsRatio() * ajaxSessions*;

should be

return plainHtmlSessions_ > conf*.maxPlainSessionsRatio() * (ajaxSessions* + plainHtmlSessions_);

Currently, even if plain-ajax-sessions-ratio-limit=1, running 20 Ajax + 20 HTML sessions, new HTML sessions are discarded as DDoS.

Also available in: Atom PDF