diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c

index 79f6f8d..6c415c8 100644

--- a/modules/filters/mod_deflate.c

+++ b/modules/filters/mod_deflate.c

@@ -37,6 +37,7 @@

 #include "httpd.h"

 #include "http_config.h"

 #include "http_log.h"

+#include "http_core.h"

 #include "apr_lib.h"

 #include "apr_strings.h"

 #include "apr_general.h"

@@ -52,6 +53,9 @@

 static const char deflateFilterName[] = "DEFLATE";

 module AP_MODULE_DECLARE_DATA deflate_module;

+#define AP_INFLATE_RATIO_LIMIT 200

+#define AP_INFLATE_RATIO_BURST 3

+

 typedef struct deflate_filter_config_t

 {

     int windowSize;

@@ -63,6 +67,12 @@ typedef struct deflate_filter_config_t

     char *note_output_name;

 } deflate_filter_config;

+typedef struct deflate_dirconf_t {

+    apr_off_t inflate_limit;

+    int ratio_limit,

+        ratio_burst;

+} deflate_dirconf_t;

+

 /* RFC 1952 Section 2.3 defines the gzip header:

  *

  * +---+---+---+---+---+---+---+---+---+---+

@@ -204,6 +214,14 @@ static void *create_deflate_server_config(apr_pool_t *p, server_rec *s)

     return c;

 }

+static void *create_deflate_dirconf(apr_pool_t *p, char *dummy)

+{

+    deflate_dirconf_t *dc = apr_pcalloc(p, sizeof(*dc));

+    dc->ratio_limit = AP_INFLATE_RATIO_LIMIT;

+    dc->ratio_burst = AP_INFLATE_RATIO_BURST;

+    return dc;

+}

+

 static const char *deflate_set_window_size(cmd_parms *cmd, void *dummy,

                                            const char *arg)

 {

@@ -295,6 +313,55 @@ static const char *deflate_set_compressionlevel(cmd_parms *cmd, void *dummy,

     return NULL;

 }

+

+static const char *deflate_set_inflate_limit(cmd_parms *cmd, void *dirconf,

+                                      const char *arg)

+{

+    deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;

+    char *errp;

+

+    if (APR_SUCCESS != apr_strtoff(&dc->inflate_limit, arg, &errp, 10)) {

+        return "DeflateInflateLimitRequestBody is not parsable.";

+    }

+    if (*errp || dc->inflate_limit < 0) {

+        return "DeflateInflateLimitRequestBody requires a non-negative integer.";

+    }

+

+    return NULL;

+}

+

+static const char *deflate_set_inflate_ratio_limit(cmd_parms *cmd,

+                                                   void *dirconf,

+                                                   const char *arg)

+{

+    deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;

+    int i;

+

+    i = atoi(arg);

+    if (i <= 0)

+        return "DeflateInflateRatioLimit must be positive";

+

+    dc->ratio_limit = i;

+

+    return NULL;

+}

+

+static const char *deflate_set_inflate_ratio_burst(cmd_parms *cmd,

+                                                   void *dirconf,

+                                                   const char *arg)

+{

+    deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;

+    int i;

+

+    i = atoi(arg);

+    if (i <= 0)

+        return "DeflateInflateRatioBurst must be positive";

+

+    dc->ratio_burst = i;

+

+    return NULL;

+}

+

 typedef struct deflate_ctx_t

 {

     z_stream stream;

@@ -304,6 +371,8 @@ typedef struct deflate_ctx_t

     int (*libz_end_func)(z_streamp);

     unsigned char *validation_buffer;

     apr_size_t validation_buffer_length;

+    int ratio_hits;

+    apr_off_t inflate_total;

     unsigned int inflate_init:1;

     unsigned int filter_init:1;

     unsigned int done:1;

@@ -422,6 +491,22 @@ static void deflate_check_etag(request_rec *r, const char *transform)

     }

 }

+/* Check whether the (inflate) ratio exceeds the configured limit/burst. */

+static int check_ratio(request_rec *r, deflate_ctx *ctx,

+                       const deflate_dirconf_t *dc)

+{

+    if (ctx->stream.total_in) {

+        int ratio = ctx->stream.total_out / ctx->stream.total_in;

+        if (ratio < dc->ratio_limit) {

+            ctx->ratio_hits = 0;

+        }

+        else if (++ctx->ratio_hits > dc->ratio_burst) {

+            return 0;

+        }

+    }

+    return 1;

+}

+

 static int have_ssl_compression(request_rec *r)

 {

     const char *comp;

@@ -897,6 +982,8 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,

     int zRC;

     apr_status_t rv;

     deflate_filter_config *c;

+    deflate_dirconf_t *dc;

+    apr_off_t inflate_limit;

     /* just get out of the way of things we don't want. */

     if (mode != AP_MODE_READBYTES) {

@@ -904,6 +991,7 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,

     }

     c = ap_get_module_config(r->server->module_config, &deflate_module);

+    dc = ap_get_module_config(r->per_dir_config, &deflate_module);

     if (!ctx) {

         char deflate_hdr[10];

@@ -994,6 +1082,12 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,

         apr_brigade_cleanup(ctx->bb);

     }

+    inflate_limit = dc->inflate_limit; 

+    if (inflate_limit == 0) { 

+        /* The core is checking the deflated body, we'll check the inflated */

+        inflate_limit = ap_get_limit_req_body(f->r);

+    }

+

     if (APR_BRIGADE_EMPTY(ctx->proc_bb)) {

         rv = ap_get_brigade(f->next, ctx->bb, mode, block, readbytes);

@@ -1038,6 +1132,17 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,

                 ctx->stream.next_out = ctx->buffer;

                 len = c->bufferSize - ctx->stream.avail_out;

+ 

+                ctx->inflate_total += len;

+                if (inflate_limit && ctx->inflate_total > inflate_limit) { 

+                    inflateEnd(&ctx->stream);

+                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647)

+                            "Inflated content length of %" APR_OFF_T_FMT

+                            " is larger than the configured limit"

+                            " of %" APR_OFF_T_FMT, 

+                            ctx->inflate_total, inflate_limit);

+                    return APR_ENOSPC;

+                }

                 ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);

                 tmp_heap = apr_bucket_heap_create((char *)ctx->buffer, len,

@@ -1073,6 +1178,26 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,

                     ctx->stream.next_out = ctx->buffer;

                     len = c->bufferSize - ctx->stream.avail_out;

+                    ctx->inflate_total += len;

+                    if (inflate_limit && ctx->inflate_total > inflate_limit) { 

+                        inflateEnd(&ctx->stream);

+                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02648)

+                                "Inflated content length of %" APR_OFF_T_FMT

+                                " is larger than the configured limit"

+                                " of %" APR_OFF_T_FMT, 

+                                ctx->inflate_total, inflate_limit);

+                        return APR_ENOSPC;

+                    }

+

+                    if (!check_ratio(r, ctx, dc)) {

+                        inflateEnd(&ctx->stream);

+                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02649)

+                                "Inflated content ratio is larger than the "

+                                "configured limit %i by %i time(s)",

+                                dc->ratio_limit, dc->ratio_burst);

+                        return APR_EINVAL;

+                    }

+

                     ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);

                     tmp_heap = apr_bucket_heap_create((char *)ctx->buffer, len,

                                                       NULL, f->c->bucket_alloc);

@@ -1193,6 +1318,7 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,

     int zRC;

     apr_status_t rv;

     deflate_filter_config *c;

+    deflate_dirconf_t *dc;

     /* Do nothing if asked to filter nothing. */

     if (APR_BRIGADE_EMPTY(bb)) {

@@ -1200,6 +1326,7 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,

     }

     c = ap_get_module_config(r->server->module_config, &deflate_module);

+    dc = ap_get_module_config(r->per_dir_config, &deflate_module);

     if (!ctx) {

@@ -1462,6 +1589,14 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,

         while (ctx->stream.avail_in != 0) {

             if (ctx->stream.avail_out == 0) {

+                if (!check_ratio(r, ctx, dc)) {

+                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02650)

+                            "Inflated content ratio is larger than the "

+                            "configured limit %i by %i time(s)",

+                            dc->ratio_limit, dc->ratio_burst);

+                    return APR_EINVAL;

+                }

+

                 ctx->stream.next_out = ctx->buffer;

                 len = c->bufferSize - ctx->stream.avail_out;

@@ -1548,12 +1683,20 @@ static const command_rec deflate_filter_cmds[] = {

                   "Set the Deflate Memory Level (1-9)"),

     AP_INIT_TAKE1("DeflateCompressionLevel", deflate_set_compressionlevel, NULL, RSRC_CONF,

                   "Set the Deflate Compression Level (1-9)"),

+    AP_INIT_TAKE1("DeflateInflateLimitRequestBody", deflate_set_inflate_limit, NULL, OR_ALL,

+                  "Set a limit on size of inflated input"),

+    AP_INIT_TAKE1("DeflateInflateRatioLimit", deflate_set_inflate_ratio_limit, NULL, OR_ALL,

+                  "Set the inflate ratio limit above which inflation is "

+                  "aborted (default: " APR_STRINGIFY(AP_INFLATE_RATIO_LIMIT) ")"),

+    AP_INIT_TAKE1("DeflateInflateRatioBurst", deflate_set_inflate_ratio_burst, NULL, OR_ALL,

+                  "Set the maximum number of following inflate ratios above limit "

+                  "(default: " APR_STRINGIFY(AP_INFLATE_RATIO_BURST) ")"),

     {NULL}

 };

 AP_DECLARE_MODULE(deflate) = {

     STANDARD20_MODULE_STUFF,

-    NULL,                         /* dir config creater */

+    create_deflate_dirconf,       /* dir config creater */

     NULL,                         /* dir merger --- default is to override */

     create_deflate_server_config, /* server config */

     NULL,                         /* merge server config */