Project

General

Profile

Actions

Bug #3540

closed

plain HTML sessions limit bug

Added by Boris Nagaev almost 10 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Start date:
08/22/2014
Due date:
% Done:

0%

Estimated time:

Description

src/web/WebController.C:

return plainHtmlSessions_ > conf*.maxPlainSessionsRatio() * ajaxSessions*;

should be

return plainHtmlSessions_ > conf*.maxPlainSessionsRatio() * (ajaxSessions* + plainHtmlSessions_);

Currently, even if plain-ajax-sessions-ratio-limit=1, running 20 Ajax + 20 HTML sessions, new HTML sessions are discarded as DDoS.

Actions #1

Updated by Koen Deforche over 9 years ago

  • Status changed from New to Resolved
  • Assignee set to Koen Deforche
  • Target version set to 3.3.4
Actions #2

Updated by Koen Deforche over 9 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF