[PATCH] SPDY/3.1 protocol implementation
Piotr Sikora
piotr at cloudflare.com
Tue Jan 28 00:31:20 UTC 2014
Hey,
> Also, it seems that we should be forcing minimum value for the
> client's window size, otherwise client can set window size to 2 bytes
> and make nginx return thousands of DATA frames and use way too many
> resources to serve a small static page (same is true for Google's &
> Twitter's web servers). This could be a huge (D)DoS-vector.
...or worse, 1 byte (for some reason I thought the window size was
defined as 2^n bytes, not n bytes).
Best regards,
Piotr Sikora
More information about the nginx-devel
mailing list