I came across something that has me somewhat uneasy, for the simple fact that I offer programs for download on my site using the HTTP protocol.

It came to my attention that a person could bring down a site and the server that hosts the site by using a file on that site as small as 900 KBs.

What can we do to prevent this?

Max or TWEB, if you would like, I can send you more information via email.

It's not a specific file. From what I gather, any site that uses HTTP as a means for file transers leaves themselves open for attacks.

For example: Webservers have dynamic content that they have to generate before sending to a user.

They create a buffer and fill it with the contents of the document they are about to send, and then they empty the buffer to the user.

Say you had a 2 meg file(just using 2 megs as an example. The file could be quite smaller) on your site for download(be it mp3 file or whatever). Any time someone downloads your 2 meg file, the webhosting machine sticks 2 megs of data into memory, then empties it out, thereby using up huge amounts of memory with each file transfer.

Without giving out any more details, do you see where I'm going with this?
 
 [ July 18, 2002, 12:17 PM: Message edited by: whoisthis ]

What I think you are saying is,

You could overload the machine by downloading lots at the same time.

However, in the settings for the webserver software, you can set a limit for the number of connections / downloads you can have going at once, so this luckily doesn't happen.

The memory allocated to the webserver software can also be limited (in some operating systems) to prevent this.