no-cache request, potential denial-of-service

From: Duane Wessels <wessels@dont-contact.us>
Date: Tue, 29 Sep 1998 17:36:56 -0600

Something sort of interesting happened to one of my caches over
the weekend. The file descriptor usage went way up and stayed up
around 500-600. Normally it is under 200.

I found about 200 simultaneous requests coming from a cache
in Russia. The URL was for a MSIE browser executable, about 1.8 MB.

Basically every client-side request had an associated server-side
request fetching the object. My cache was making 200 simultaneous
requests for the same URL. Apparently, all these requests had Pragma:
no-cache. There certainly shouldn't have been so many outbound
requests.

So it made me think, maybe it would be okay to have 'no-cache' requests
join onto STORE_PENDING objects, but no-cache would always replace a
STORE_OK object.

Strictly speaking, this would probably not be okay. The RFC is somewhat
vague. It seems to assume either the cache has a (whole, cached)
response, or it does not.

I know that this can be fixed with 'ignore-reload' and similar things.
But at this point I am REALLY NOT interested in fixes which
require configuration.

Damn RELOAD button.

How about we start a campaign to remove all reload buttons from
all browsers in existence?

Duane W.
Received on Tue Jul 29 2003 - 13:15:54 MDT
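
The policy proposed in the message, modelled as an added example (not Squid code and not part of the original post): it counts server-side fetches and peak server-side descriptors for a burst of 200 no-cache requests for one URL, with and without joining in-flight fetches. Only STORE_PENDING and STORE_OK come from the message; `decide`, `simulate` and the burst model (every request arrives before the first transfer completes) are assumptions.

```c
#include <stdio.h>

/* STORE_PENDING and STORE_OK are the states named in the message; all other
 * names and the burst model are hypothetical and are not Squid code. */
enum store_status { STORE_NONE, STORE_PENDING, STORE_OK };
enum action { SERVE_HIT, JOIN_PENDING, FETCH_ORIGIN };
struct result { int origin_fetches, joined, peak_server_fds; };

/* join_nocache = 0: every no-cache request opens its own server-side fetch.
 * join_nocache = 1: no-cache joins an in-flight fetch, but still replaces
 *                   a completed (STORE_OK) object. */
enum action decide(enum store_status st, int no_cache, int join_nocache)
{
    if (st == STORE_PENDING && (!no_cache || join_nocache))
        return JOIN_PENDING;
    if (st == STORE_OK && !no_cache)
        return SERVE_HIT;
    return FETCH_ORIGIN;
}

/* `burst` no-cache requests for one URL arrive before any transfer
 * completes, then one more no-cache request arrives after completion. */
struct result simulate(int burst, int join_nocache)
{
    enum store_status st = STORE_NONE;
    struct result r = { 0, 0, 0 };
    int open_fds = 0;
    for (int i = 0; i < burst; i++) {
        if (decide(st, 1, join_nocache) == FETCH_ORIGIN) {
            r.origin_fetches++;
            open_fds++;              /* one more server-side descriptor */
            st = STORE_PENDING;
        } else {
            r.joined++;              /* shares the fetch already in flight */
        }
        if (open_fds > r.peak_server_fds) r.peak_server_fds = open_fds;
    }
    st = STORE_OK;                   /* transfers finish, descriptors close */
    if (decide(st, 1, join_nocache) == FETCH_ORIGIN)
        r.origin_fetches++;          /* a later reload still refetches */
    return r;
}

int main(void)
{
    struct result a = simulate(200, 0), b = simulate(200, 1);
    printf("separate: fetches=%d peak_fds=%d\n", a.origin_fetches, a.peak_server_fds);
    printf("joined:   fetches=%d peak_fds=%d\n", b.origin_fetches, b.peak_server_fds);
    return 0;
}
```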
