ngx_http_find_virtual_server ngx_http_regex_exec DOS

Clima Gabriel
January 30, 2024 03:30AM
Greetings fellow nginx-devs,
It looks to me as if an attacker could force the server to use up a large
amount of resources doing ngx_http_regex_exec if the server were to be
configured with a relatively large number of regex server_names.
I would appreciate any ideas on the topic, especially suggestions as to how
some form of caching could be implemented for the responses, so that the
server didn't have to execute the ngx_http_regex_exec on subsequent
requests.

    for (i = 0; i < virtual_names->nregex; i++) {

        n = ngx_http_regex_exec(r, sn[i].regex, host);

        if (n == NGX_DECLINED) {
            continue;
        }

        if (n == NGX_OK) {
            *cscfp = sn[i].server;
            return NGX_OK;
        }

        return NGX_ERROR;
    }

../src/http/ngx_http_request.c

Regards,
Gabriel
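
The caching idea raised in the post, sketched as an added example that is not part of the original message and is not nginx code: a linear regex scan shaped like the quoted loop, fronted by a fixed-size cache keyed on the Host value. It assumes POSIX `regex.h` in place of `ngx_http_regex_exec`; the patterns, sizes and the names `init_names`, `find_uncached` and `find_cached` are hypothetical.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define NREGEX 4        /* constructed: number of regex server_names */
#define CACHE_SLOTS 64  /* fixed size: hostile Host values cannot grow it */
#define HOST_MAX 256
static regex_t names[NREGEX];
static unsigned long regex_calls;   /* number of regexec() invocations */
static struct { char host[HOST_MAX]; int server, used; } cache[CACHE_SLOTS];

/* Compile the constructed sample patterns; returns 0 on success. */
static int init_names(void) {
    static const char *pat[NREGEX] = {
        "^a[0-9]+\\.example\\.com$", "^b[0-9]+\\.example\\.com$",
        "^c[0-9]+\\.example\\.com$", "^d[0-9]+\\.example\\.com$" };
    for (int i = 0; i < NREGEX; i++)
        if (regcomp(&names[i], pat[i], REG_EXTENDED | REG_NOSUB)) return -1;
    return 0;
}

/* Linear scan shaped like the quoted loop: first matching index, or -1. */
static int find_uncached(const char *host) {
    for (int i = 0; i < NREGEX; i++) {
        regex_calls++;
        if (regexec(&names[i], host, 0, NULL, 0) == 0) return i;
    }
    return -1;
}

/* Cached lookup; misses (-1) are cached too, as they cost a full scan. */
static int find_cached(const char *host) {
    if (strlen(host) >= HOST_MAX) return find_uncached(host); /* not cacheable */
    unsigned h = 2166136261u;                                 /* FNV-1a hash */
    for (const char *p = host; *p; p++) h = (h ^ (unsigned char)*p) * 16777619u;
    unsigned s = h % CACHE_SLOTS;
    if (cache[s].used && strcmp(cache[s].host, host) == 0) return cache[s].server;
    cache[s].server = find_uncached(host);
    strcpy(cache[s].host, host);
    cache[s].used = 1;
    return cache[s].server;
}

int main(void) {
    if (init_names() != 0) return 1;
    for (int k = 0; k < 1000; k++) find_cached("nomatch.example.org");
    printf("regexec calls for 1000 requests: %lu\n", regex_calls);
    return 0;
}
```

A cache of this kind only saves work for repeated Host values: requests carrying distinct hosts still pay the full scan, so the number of regex server_names remains the bound on per-request cost.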