<div dir="ltr">Hi<br><br>Is there any way to deny all requests with body?<br>I know I can set set client_max_body_size to 1 (byte)<br>But.. in that case Nginx reads all body request before finalizing the request.<br><br>In case of requests with body as part of attack I would like to close the connection<br>
immediately without wasting any processing on that request.<br><br><b>I thought changing the code (ngx_http_core_module.c:996) from:</b><br><br>if (r->headers_in.content_length_n != -1<br> && !r->discard_body<br>
&& clcf->client_max_body_size<br> && clcf->client_max_body_size < r->headers_in.content_length_n)<br> {<br> ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,<br>
"client intended to send too large body: %O bytes",<br>
r->headers_in.content_length_n);<br> <br> (void) ngx_http_discard_request_body(r);<br> ngx_http_finalize_request(r, NGX_HTTP_REQUEST_ENTITY_TOO_LARGE);<br> return NGX_OK;<br>
}<br><br><br><b><u>To:</u></b><br><br>if (r->headers_in.content_length_n != -1<br> && !r->discard_body<br> && clcf->client_max_body_size<br> && clcf->client_max_body_size < r->headers_in.content_length_n)<br>
{<br> ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,<br> "client intended to send too large body: %O bytes",<br> r->headers_in.content_length_n);<br>
<br> <b> ngx_close_connection(r->connection);</b><br> <br> return NGX_OK;<br> }<br><br>Is that cover all or more changes are needed?<br>Thanks<br>Hagai<br></div>