I’ve done some searching through the archives, but so far I haven’t found an
answer to this question.
I have an application that allows users to request arbitrary URLs. The
underlying mechanism uses Net::HTTP.get() to fetch the object at the URL and
attempts to parse it as an XML document.
That all works fine, but it leaves open a fairly trivial DoS attack – a
user can create a CGI that spews back content continuously, for example. To
lessen this potential, I would really like to specify a byte limit for the
GET, i.e., “Stop reading and close the socket if you have read more than
1MB”. HTTP ‘Range’ doesn’t seem like an option, because there’s no reason to
expect a malicious server to respect it in the request.
Does anyone have any ideas, or pointers?
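
One way to enforce the byte limit asked about above, as an added example that is not part of the original post: read the body in chunks with the block form of Net::HTTP's `read_body` and raise once the cap is passed, which makes Net::HTTP close the socket. `fetch_capped`, `BodyTooLarge`, `FetchTooSlow` and the local endless server are hypothetical names constructed for the illustration.

```ruby
require 'net/http'
require 'socket'
require 'uri'

class BodyTooLarge < StandardError; end
class FetchTooSlow < StandardError; end

# Hypothetical helper: GET uri, aborting once more than max_bytes of body arrive
# or the whole transfer runs longer than total_timeout seconds.
def fetch_capped(uri, max_bytes: 1_048_576, read_timeout: 5, total_timeout: 30)
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + total_timeout
  body = String.new # binary buffer
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https',
                  open_timeout: read_timeout, read_timeout: read_timeout) do |http|
    http.request_get(uri.request_uri) do |res|
      # Cheap early exit only: a hostile server can omit or understate this header.
      raise BodyTooLarge, 'declared length over limit' if res['Content-Length'].to_i > max_bytes
      # With a block, read_body yields chunks as they arrive instead of buffering it all.
      res.read_body do |chunk|
        body << chunk
        raise BodyTooLarge, "more than #{max_bytes} bytes received" if body.bytesize > max_bytes
        raise FetchTooSlow, 'transfer deadline passed' if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      end
    end
  end # an exception raised above propagates out of start, which closes the socket
  body
end

# Constructed local server for the demo: streams 'x' until the client hangs up.
def start_endless_server
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new do
    client = server.accept
    nil while (line = client.gets) && line != "\r\n" # skip the request headers
    client.write("HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\nConnection: close\r\n\r\n")
    loop { client.write('x' * 16_384) }
  rescue SystemCallError, IOError
    nil # the client closed the connection
  ensure
    client&.close
  end
  server.addr[1] # port chosen by the OS
end
```

The per-read timeout alone does not bound a server that trickles one byte at a time, which is why the helper also checks an overall deadline on every chunk.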