Project

General

Profile

Feature #2130

limits the size of HTTP request header

Added by liming about 10 years ago. Updated over 3 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2009-12-30
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:
No

Description

Apache has a directive named "LimitRequestFieldSize". It limits the size of the HTTP request header allowed from the client.

lighttpd can also do it.


Files

diff.txt (5.29 KB) diff.txt liming, 2009-12-30 08:22
#1

Updated by gstrauss over 3 years ago

  • Target version deleted (1.5.0)
#2

Updated by gstrauss over 3 years ago

  • Status changed from Patch Pending to Need Feedback

lighttpd 1.4.x has a hard-coded limit of 64k for HTTP request header, though it will accept slightly larger HTTP request headers if the complete HTTP request header has already been received in kernel socket buffers.

Is there a specific reason for this feature request besides "Apache has this feature"? Default size of kernel socket buffers are typically 64k or larger.

#3

Updated by gstrauss over 3 years ago

  • Status changed from Need Feedback to Patch Pending
  • Target version set to 1.4.42

Submitted change to set default request headers size limit to 8k, and enforce limit even on request headers completely received

#4

Updated by gstrauss over 3 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom