cookie bomb - how to protect?

Valentin V. Bartenev vbart at
Sun Jan 19 16:47:47 UTC 2014

On Sunday 19 January 2014 11:06:58 mex wrote:
> i checked it, and it works, i get the following error back:
> 400 Bad Request
> Request Header Or Cookie Too Large
> my question: is there a generic way to check the size of such headers like
> cookies etc
> and to cut them off, or should we live with such malicious intent? 

You can include into this "Request Header Or Cookie Too Large" error page
a JS script that will clear cookies.

  wbr, Valentin V. Bartenev

More information about the nginx mailing list