Bug #232
closed
Lighty does not truncate oversize requests in logs
Description
Some asshole was blasting my production machine with what appeared to be buffer overflow attempts, whee.
But - lighty dumped the entire request (many thousands of characters not in ASCII :) into the logfile, instead of (correctly) truncating the request. It should also restrict the characters that make it into logs, though I'm not sure what rules to use.
I just grepped out those requests, ran mergelog again, and nothing complained after that.
-- root
Updated by Anonymous over 17 years ago
I have seen the same problem as a client sends a 65K SEARCH request.
68.48.72.252 - - -0400 "SEARCH / (65KB of binary data) HTTP/1.1" 501 678 "-" "-"
Is there any way to limit the request method size?
-- Calomel
Updated by gstrauss about 9 years ago
This can probably be closed. The current limit is 64kb. Note that mod_accesslog encodes the data in each log line (including encoding '\n' and '\0'), so that each accesslog entry remains a single line.
commit 069e848a0c1fc11cb3e4da8c7c12120cdd6699ef
Author: Stefan Bühler <stbuehler@web.de>
Date: Fri Oct 16 16:43:28 2009 +0000

    mod_accesslog: escape special characters (fixes #1551, thx icy)

    git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2660 152afb58-edef-0310-8abb-c4023f1b3aa9
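The kind of escaping described in the comment above, as an added example (not lighttpd's mod_accesslog code and not from this thread): every byte that could break a log line is encoded, and the bounded output buffer is only ever cut between escape sequences. The function name `log_escape`, the `\xHH` escape format and the sample request are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape len bytes of in[] into out[] (capacity cap, always NUL-terminated).
 * Printable ASCII is copied; '"' and '\\' get a backslash; every other byte,
 * including '\n' and '\0', becomes an escape, so the result is one log line.
 * Returns the number of input bytes consumed; a value < len means the output
 * was cut, and it is only ever cut between escape sequences. */
size_t log_escape(char *out, size_t cap, const unsigned char *in, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    size_t i, o = 0;

    if (cap == 0)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = in[i];
        char esc[4];
        size_t n = 2;
        esc[0] = '\\';
        if (c == '"' || c == '\\') esc[1] = (char)c;
        else if (c == '\n') esc[1] = 'n';
        else if (c == '\r') esc[1] = 'r';
        else if (c == '\t') esc[1] = 't';
        else if (c >= 0x20 && c < 0x7f) { esc[0] = (char)c; n = 1; }
        else { esc[1] = 'x'; esc[2] = hex[c >> 4]; esc[3] = hex[c & 15]; n = 4; }

        if (o + n >= cap)   /* keep room for the terminating NUL */
            break;
        memcpy(out + o, esc, n);
        o += n;
    }
    out[o] = '\0';
    return i;
}

int main(void)
{
    /* Constructed request line: binary bytes, an embedded newline followed
     * by text shaped like a second log entry, and a NUL byte. */
    static const unsigned char req[] =
        "SEARCH /\x90\x90\n10.0.0.1 - - \"GET /admin HTTP/1.1\" 200\0tail";
    char line[256];
    size_t used = log_escape(line, sizeof line, req, sizeof req - 1);
    printf("\"%s\" (%zu of %zu bytes)\n", line, used, sizeof req - 1);
    return 0;
}
```

A return value smaller than the input length tells the caller the entry was truncated, so a marker can be appended to the log line if wanted.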
Updated by stbuehler about 9 years ago
- Description updated (diff)
- Status changed from New to Invalid
- Assignee deleted (jan)
There is no generic way of preventing assholes from DoSing your logfile. A size limit just means they will hit you faster :)