<div dir="ltr">Hi<br><br>Is there any way to deny all requests with body?<br>I know I can set set client_max_body_size to 1 (byte)<br>But.. in that case Nginx reads all body request before finalizing the request.<br><br>In case of requests with body as part of attack I would like to close the connection<br>

immediately without wasting any processing on that request.<br><br><b>I thought changing the code (ngx_http_core_module.c:996) from:</b><br><br>if (r->headers_in.content_length_n != -1<br>        && !r->discard_body<br>

        && clcf->client_max_body_size<br>        && clcf->client_max_body_size < r->headers_in.content_length_n)<br>    {<br>        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,<br>
                      "client intended to send too large body: %O bytes",<br>
                      r->headers_in.content_length_n);<br>            <br>        (void) ngx_http_discard_request_body(r);<br>        ngx_http_finalize_request(r, NGX_HTTP_REQUEST_ENTITY_TOO_LARGE);<br>        return NGX_OK;<br>

    }<br><br><br><b><u>To:</u></b><br><br>if (r->headers_in.content_length_n != -1<br>        && !r->discard_body<br>        && clcf->client_max_body_size<br>        && clcf->client_max_body_size < r->headers_in.content_length_n)<br>

    {<br>        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,<br>                      "client intended to send too large body: %O bytes",<br>                      r->headers_in.content_length_n);<br>

<br>       <b> ngx_close_connection(r->connection);</b><br>        <br>        return NGX_OK;<br>    }<br><br>Is that cover all or more changes are needed?<br>Thanks<br>Hagai<br></div>