<div dir="ltr"><div class="gmail_quote">Hi<br>I am trying to resend (with small modification..) my request for help<br>Many Thanks <br>Hagai<br><br>----------------------------------------------------------------------------------------------<br>
<div dir="ltr">Hi<br><br>Is there any way to deny all requests with body?<br>I know I can set set client_max_body_size to 1 (byte)<br>But.. in that case Nginx reads all body request before finalizing the request.<br><br>
In case of requests with body as part of attack I would like to close the connection<br>
immediately without wasting any processing on that request.<br><br><b>I thought changing the code (ngx_http_core_module.c:996) from:</b><br><br>if (r->headers_in.content_length_n != -1<br> && !r->discard_body<br>
&& clcf->client_max_body_size<br> && clcf->client_max_body_size < r->headers_in.content_length_n)<br> {<br> ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,<br>
"client intended to send too large body: %O bytes",<br>
r->headers_in.content_length_n);<br> <br> (void) ngx_http_discard_request_body(r);<br> ngx_http_finalize_request(r, NGX_HTTP_REQUEST_ENTITY_TOO_LARGE);<br> return NGX_OK;<br>
}<br><br><br><b><u>To:</u></b><br><br>if (r->headers_in.content_length_n != -1<br> && !r->discard_body<br> && clcf->client_max_body_size<br> && clcf->client_max_body_size < r->headers_in.content_length_n)<br>
{<br> ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,<br> "client intended to send too large body: %O bytes",<br> r->headers_in.content_length_n);<br>
<br> <b> ngx_connection_t* connection = r->connection; <br> ngx_http_finalize_request(r, NGX_DONE);<br> ngx_close_connection(connection);</b><br> <br> return NGX_OK;<br> }<br>
<br>Is that cover all or more changes are needed?<br>Thanks<span class="HOEnZb"><font color="#888888"><br>Hagai<br></font></span></div>
</div><br><br clear="all"><br>-- <br><div dir="ltr"><p><font color="#000000"><b>Hagai Avrahami</b></font><br>
<font color="#000000">Qwilt | Work: +972-72-2221644| Mobile: +972-54-4895656 | </font><a href="mailto:yoav@qwilt.com" rel="nofollow" target="_blank">hagaia@qwilt.com</a></p></div>
</div>