How many args in $args?

Maxim Dounin mdounin at
Wed Mar 7 10:24:34 UTC 2012


On Wed, Mar 07, 2012 at 10:09:38AM +0000, John Moore wrote:

> Is there some means of determining how many query parameters are being 
> passed, by looking $args, say? There's a kind of DOS attack which can 
> bring down Java based webapps which do binding of request parameters to 
> properties, and it seems to me that nginx used as a remote proxy server 
> could probably prevent this simply by rejecting requests which had more 
> than x query parameters.

Something like 

    if ($args ~ "(?:[&;][^&;]*){50,}") {
        return 403;

should do the trick.

Maxim Dounin

More information about the nginx mailing list