Actions
Feature #2130
closedlimits the size of HTTP request header
ASK QUESTIONS IN Forums:
Description
Apache has a directive named "LimitRequestFieldSize". It limits the size of the HTTP request header allowed from the client.
lighttpd can also do it.
Files
Updated by gstrauss about 8 years ago
- Status changed from Patch Pending to Need Feedback
lighttpd 1.4.x has a hard-coded limit of 64k for HTTP request header, though it will accept slightly larger HTTP request headers if the complete HTTP request header has already been received in kernel socket buffers.
Is there a specific reason for this feature request besides "Apache has this feature"? Default size of kernel socket buffers are typically 64k or larger.
Updated by gstrauss about 8 years ago
- Status changed from Need Feedback to Patch Pending
- Target version set to 1.4.42
Submitted change to set default request headers size limit to 8k, and enforce limit even on request headers completely received
Updated by gstrauss about 8 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset 1018ff992215e1e9271b2eb77cd878fa721fee65.
Actions
Also available in: Atom