Fwd: client_max_body_size

Hagai Avrahami hagaia at qwilt.com
Wed Mar 27 13:32:32 UTC 2013


Hi
I am trying to resend (with a small modification) my request for help.
Many Thanks
Hagai

----------------------------------------------------------------------------------------------
Hi

Is there any way to deny all requests with a body?
I know I can set client_max_body_size to 1 (byte),
but in that case Nginx reads the whole request body before finalizing the
request.

In the case of requests with a body sent as part of an attack, I would like to close the
connection
immediately without wasting any processing on that request.

*I thought of changing the code (ngx_http_core_module.c:996) from:*

if (r->headers_in.content_length_n != -1
        && !r->discard_body
        && clcf->client_max_body_size
        && clcf->client_max_body_size < r->headers_in.content_length_n)
    {
        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                      "client intended to send too large body: %O bytes",
                      r->headers_in.content_length_n);

        (void) ngx_http_discard_request_body(r);
        ngx_http_finalize_request(r, NGX_HTTP_REQUEST_ENTITY_TOO_LARGE);
        return NGX_OK;
    }


*To:*

if (r->headers_in.content_length_n != -1
        && !r->discard_body
        && clcf->client_max_body_size
        && clcf->client_max_body_size < r->headers_in.content_length_n)
    {
        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                      "client intended to send too large body: %O bytes",
                      r->headers_in.content_length_n);

        ngx_connection_t* connection = r->connection;
        ngx_http_finalize_request(r, NGX_DONE);
        ngx_close_connection(connection);

        return NGX_OK;
    }

Does that cover everything, or are more changes needed?
Thanks
Hagai



-- 

*Hagai Avrahami*
Qwilt | Work: +972-72-2221644| Mobile: +972-54-4895656 |
hagaia at qwilt.com<yoav at qwilt.com>
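
A configuration-only way to get the behaviour asked about, without patching nginx, added here as an example that is not part of the original message or of the nginx project's own material. The server name and backend address are placeholders.

```nginx
# Added example (constructed); server_name and proxy_pass target are placeholders.
server {
    listen 80;
    server_name example.test;

    # Approach mentioned in the message: reject any body larger than 1 byte
    # with a 413 response.
    # client_max_body_size 1;

    # Alternative: decide on the request headers alone. These server-level
    # checks run in the rewrite phase, before any handler asks for the body.
    # 444 is nginx's non-standard code that closes the connection without
    # sending a response.
    #
    # $content_length is empty when the header is absent, and `if` treats
    # both an empty string and "0" as false, so bodyless requests pass.
    if ($content_length) {
        return 444;
    }

    # Chunked uploads carry no Content-Length, so match on the
    # Transfer-Encoding request header as well.
    if ($http_transfer_encoding) {
        return 444;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Because 444 sends nothing back, legitimate clients that post a body see only a dropped connection, so this fits endpoints that never accept uploads.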