Received: (qmail 8192 invoked by uid 2012); 25 Sep 1999 12:20:45 -0000 Message-Id: <19990925122045.8191.qmail@hyperreal.org> Date: 25 Sep 1999 12:20:45 -0000 From: Dirk Ahlers Reply-To: there@darkride.net To: apbugs@hyperreal.org Subject: Server Status refresh can be too fast X-Send-Pr-Version: 3.2 >Number: 5067 >Category: mod_status >Synopsis: Server Status refresh can be too fast >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat Sep 25 05:30:00 PDT 1999 >Closed-Date: Tue Dec 12 21:15:24 PST 2000 >Last-Modified: Tue Dec 12 21:15:24 PST 2000 >Originator: there@darkride.net >Release: 1.3.6 (Win32) >Organization: >Environment: Windows 98 unpatched Apache binary install >Description: Using http://your.server.name/server-status?refresh=N will refresh the status every N seconds. However, when setting N to 0 or omitting it, the server will serve updates pages at very high speed. I do not think this behaviour is intended, as calling just server-status?refresh will only update at 1 second intervals, which will not put too much load on the server. >How-To-Repeat: http://your.server.name/server-status?refresh=0 http://your.server.name/server-status?refresh= >Fix: modify the behaviour of ?refresh=0 and ?refresh= to that of ?refresh >Release-Note: >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: wrowe State-Changed-When: Sun Oct 1 12:42:45 PDT 2000 State-Changed-Why: Not a bad suggestion, considering it could be an exploit... tagged for additional research. State-Changed-From-To: analyzed-closed State-Changed-By: wrowe State-Changed-When: Tue Dec 12 21:15:24 PST 2000 State-Changed-Why: Resolved with Apache release 1.3.15 ... thank you for your report and interest in the Apache httpd project! >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]