[PATCH] SPDY/3.1 protocol implementation

Piotr Sikora piotr at cloudflare.com
Tue Jan 28 00:31:20 UTC 2014


> Also, it seems that we should be forcing minimum value for the
> client's window size, otherwise client can set window size to 2 bytes
> and make nginx return thousands of DATA frames and use way too many
> resources to serve a small static page (same is true for Google's &
> Twitter's web servers). This could be a huge (D)DoS-vector.

...or worse, 1 byte (for some reason I thought the window size was
defined as 2^n bytes, not n bytes).

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list