client_max_body_size
Hagai Avrahami
hagaia at qwilt.com
Sun Mar 24 11:52:42 UTC 2013
Hi
Is there any way to deny all requests with body?
I know I can set set client_max_body_size to 1 (byte)
But.. in that case Nginx reads all body request before finalizing the
request.
In case of requests with body as part of attack I would like to close the
connection
immediately without wasting any processing on that request.
*I thought changing the code (ngx_http_core_module.c:996) from:*
if (r->headers_in.content_length_n != -1
&& !r->discard_body
&& clcf->client_max_body_size
&& clcf->client_max_body_size < r->headers_in.content_length_n)
{
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"client intended to send too large body: %O bytes",
r->headers_in.content_length_n);
(void) ngx_http_discard_request_body(r);
ngx_http_finalize_request(r, NGX_HTTP_REQUEST_ENTITY_TOO_LARGE);
return NGX_OK;
}
*To:*
if (r->headers_in.content_length_n != -1
&& !r->discard_body
&& clcf->client_max_body_size
&& clcf->client_max_body_size < r->headers_in.content_length_n)
{
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"client intended to send too large body: %O bytes",
r->headers_in.content_length_n);
* ngx_close_connection(r->connection);*
return NGX_OK;
}
Is that cover all or more changes are needed?
Thanks
Hagai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130324/d6556f94/attachment.html>
More information about the nginx
mailing list