truefeel (cafe administrator)
Joined: July 24, 2003 | Posts: 1277 | Location: Republic of Korea
Posted: 2011.9.06 Tue, 6:43 pm | Subject: Range header validity check added in nginx 1.1.2
nginx has a 1.0.x stable version and a 1.1.x development version. Of these, the 1.1.2 development version adds a validity check for the Range header.
It appears to have been added with the recently troublesome Apache Range header DoS vulnerability in mind.
nginx does not have the same DoS vulnerability as Apache, but it seems to have been added for the sake of stability.
http://nginx.org/en/CHANGES
Quote:
*) Change: now if total size of all ranges is greater than source response size, then nginx disables ranges and returns just the source response.
*) Feature: the "max_ranges" directive.
In summary,
total length specified in the Range header > source length = Range header disabled

Code:
(Request example)
GET /a.html HTTP/1.1
Host: foobar.com
Range: bytes=0-,1-,1-1234

As above, for the web page (a.html),
adding up position 0 to the end + position 1 to the end + positions 1 to 1234 is naturally larger than the source length, so the Range header will be disabled.
* Related post: Apache web server, serious DoS vulnerability and patched version (2011.9.2)
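
The rule summarised in the post, as an added Python sketch (not nginx's own code and not part of the original post): it parses the byte ranges, sums their lengths, and ignores the Range header when the sum exceeds the body length or the range count exceeds `max_ranges`. The names `range_decision` and `_num`, the return labels and the 2000-byte body length are assumptions made for illustration.

```python
def _num(s):
    """Parse an ASCII decimal string; return None if it is not one."""
    return int(s) if s.isascii() and s.isdigit() else None

def range_decision(header, content_length, max_ranges=None):
    """Decide how to treat a Range header for a body of content_length bytes.

    Returns ("full", [])          -> ignore Range, send the whole body (200)
            ("partial", [(s, e)]) -> honour the ranges (206)
            ("unsatisfiable", []) -> no range overlaps the body (416)
    """
    unit, _, spec = header.partition("=")
    # max_ranges == 0 models the directive value that turns ranges off.
    if unit.strip().lower() != "bytes" or max_ranges == 0:
        return ("full", [])
    ranges = []
    for part in spec.split(","):
        first, dash, last = (p.strip() for p in part.partition("-"))
        if not dash:
            return ("full", [])                 # malformed: no "-"
        if first == "":                         # suffix form "-N": last N bytes
            n = _num(last)
            if n is None:
                return ("full", [])
            start, end = max(content_length - n, 0), content_length - 1
        else:
            start = _num(first)
            end = content_length - 1 if last == "" else _num(last)
            if start is None or end is None or (last and end < start):
                return ("full", [])
            end = min(end, content_length - 1)  # clamp to the body
        if start <= end:                        # drop pieces past the end
            ranges.append((start, end))
    if not ranges:
        return ("unsatisfiable", [])
    if max_ranges is not None and len(ranges) > max_ranges:
        return ("full", [])
    # The 1.1.2 changelog rule: ranges that add up to more than the body
    # itself are not served piecewise.
    total = sum(end - start + 1 for start, end in ranges)
    if total > content_length:
        return ("full", [])
    return ("partial", ranges)

# Constructed example: the request from the post against a 2000-byte a.html.
if __name__ == "__main__":
    print(range_decision("bytes=0-,1-,1-1234", 2000))
    print(range_decision("bytes=0-499", 2000))
```

For the request in the post, the three ranges cover 2000 + 1999 + 1234 = 5233 bytes of a 2000-byte body, so the header is ignored and the full response is returned.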