Project

General

Profile

Actions
Copy link

Feature #2130

closed

limits the size of HTTP request header

Added by liming almost 15 years ago. Updated about 8 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
1.4.42
ASK QUESTIONS IN Forums:

Description

Apache has a directive named "LimitRequestFieldSize". It limits the size of the HTTP request header allowed from the client.

lighttpd can also do it.

Files

diff.txt (5.29 KB) diff.txt liming, 2009-12-30 08:22
Actions
Copy link
 #1

Updated by gstrauss over 8 years ago

  • Target version deleted (1.5.0)
Actions
Copy link
 #2

Updated by gstrauss about 8 years ago

  • Status changed from Patch Pending to Need Feedback

lighttpd 1.4.x has a hard-coded limit of 64k for HTTP request header, though it will accept slightly larger HTTP request headers if the complete HTTP request header has already been received in kernel socket buffers.

Is there a specific reason for this feature request besides "Apache has this feature"? Default size of kernel socket buffers are typically 64k or larger.

Actions
Copy link
 #3

Updated by gstrauss about 8 years ago

  • Status changed from Need Feedback to Patch Pending
  • Target version set to 1.4.42

Submitted change to set default request headers size limit to 8k, and enforce limit even on request headers completely received

Actions
Copy link
 #4

Updated by gstrauss about 8 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom