How many args in $args?

Valentin V. Bartenev ne at vbart.ru
Wed Mar 7 10:30:58 UTC 2012


On Wednesday 07 March 2012 14:09:38 John Moore wrote:
> Is there some means of determining how many query parameters are being
> passed, by looking $args, say? There's a kind of DOS attack which can
> bring down Java based webapps which do binding of request parameters to
> properties, and it seems to me that nginx used as a remote proxy server
> could probably prevent this simply by rejecting requests which had more
> than x query parameters.

You can simple utilize regexp functionality for such task, i.e.:

 if ($args ~ "^(?:[^&]+&){16}") {
     return 403;
 }

http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if

 wbr, Valentin V. Bartenev



More information about the nginx mailing list