Forum: Ruby Net::HTTP transfer limit

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
505cf9ac8f46a71a66197e554b69630a?d=identicon&s=25 smorabito (Guest)
on 2005-11-19 23:19
(Received via mailing list)
I've done some searching through the archives, but so far I haven't
found an
answer to this question.

I have an application that allows users to request arbitrary URLs. The
underlying mechanism uses Net::HTTP.get() to fetch the object at the URL
and
attempts to parse it as an XML document.

That all works fine, but it leaves open a fairly trivial DoS attack -- a
user can create a CGI that spews back content continuously, for example.
To
lessen this potential, I would really like to specify a byte limit for
the
GET, i.e., "Stop reading and close the socket if you have read more than
1MB". HTTP 'Range' doesn't seem like an option, because there's no
reason to
expect a malicious server to respect it in the request.

Does anyone have any ideas, or pointers?

Thanks,

-Seth
This topic is locked and can not be replied to.