Facebook
Twitter
B
blackwidow
Guest
First I want to point out the problem many of us have found, then I will provide a few possible solutions, and finally I wish to ask SWsoft for a response.
Up though Apache version 1.3, Apache logged the actual bytes sent to the client. All versions after 1.3, including Apache 2.0, log the size of the file being requested, not how much data was actually sent. If a transfer is aborted half way, the full file size is still logged as sent. If a web browser accessed a link to a 10GB file 100 times rapidly, the log would show 1,000GB of traffic, even though the client may have not downloaded a single byte. This can be used maliciously to falsely report users as using too much bandwidth, thus allowing hosting providers to scam their customers into paying more. This simple exploit will soon be exposed to the public as a reason not to use Plesk based hosting.
One solution may be to use a module called mod_logio and then change the log format to use %O (logio's flag for bytes sent) instead of %b (file size). Another solution is to use mod_logio but create a second log file only for traffic logging. A third solution would be to go back to Apache 1.3.
SWsoft, before this becomes a more well known issue among the hosting community, what are you going to do about it now or in the future?
Up though Apache version 1.3, Apache logged the actual bytes sent to the client. All versions after 1.3, including Apache 2.0, log the size of the file being requested, not how much data was actually sent. If a transfer is aborted half way, the full file size is still logged as sent. If a web browser accessed a link to a 10GB file 100 times rapidly, the log would show 1,000GB of traffic, even though the client may have not downloaded a single byte. This can be used maliciously to falsely report users as using too much bandwidth, thus allowing hosting providers to scam their customers into paying more. This simple exploit will soon be exposed to the public as a reason not to use Plesk based hosting.
One solution may be to use a module called mod_logio and then change the log format to use %O (logio's flag for bytes sent) instead of %b (file size). Another solution is to use mod_logio but create a second log file only for traffic logging. A third solution would be to go back to Apache 1.3.
SWsoft, before this becomes a more well known issue among the hosting community, what are you going to do about it now or in the future?
