Project

General

Profile

Feature #2130

limits the size of HTTP request header

Added by liming almost 8 years ago. Updated about 1 year ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2009-12-30
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
No

Description

Apache has a directive named "LimitRequestFieldSize". It limits the size of the HTTP request header allowed from the client.

lighttpd can also do it.

diff.txt (5.29 KB) diff.txt liming, 2009-12-30 08:22

Associated revisions

Revision 1018ff99 (diff)
Added by gstrauss about 1 year ago

[core] server.max-request-field-size (fixes #2130)

limits total size per request of request headers submitted by client

default limit set to 8k (prior lighttpd <= 1.4.41 hard-coded 64k limit)

(similar to Apache directive LimitRequestFieldSize)

x-ref:
"limits the size of HTTP request header"
https://redmine.lighttpd.net/issues/2130

History

#1

Updated by gstrauss over 1 year ago

  • Target version deleted (1.5.0)
#2

Updated by gstrauss about 1 year ago

  • Status changed from Patch Pending to Need Feedback

lighttpd 1.4.x has a hard-coded limit of 64k for HTTP request header, though it will accept slightly larger HTTP request headers if the complete HTTP request header has already been received in kernel socket buffers.

Is there a specific reason for this feature request besides "Apache has this feature"? Default size of kernel socket buffers are typically 64k or larger.

#3

Updated by gstrauss about 1 year ago

  • Status changed from Need Feedback to Patch Pending
  • Target version set to 1.4.42

Submitted change to set default request headers size limit to 8k, and enforce limit even on request headers completely received

#4

Updated by gstrauss about 1 year ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom