Fwd: client_max_body_size
Hagai Avrahami
hagaia at qwilt.com
Wed Mar 27 13:32:32 UTC 2013
Hi
I am trying to resend (with small modification..) my request for help
Many Thanks
Hagai
----------------------------------------------------------------------------------------------
Hi
Is there any way to deny all requests with body?
I know I can set set client_max_body_size to 1 (byte)
But.. in that case Nginx reads all body request before finalizing the
request.
In case of requests with body as part of attack I would like to close the
connection
immediately without wasting any processing on that request.
*I thought changing the code (ngx_http_core_module.c:996) from:*
if (r->headers_in.content_length_n != -1
&& !r->discard_body
&& clcf->client_max_body_size
&& clcf->client_max_body_size < r->headers_in.content_length_n)
{
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"client intended to send too large body: %O bytes",
r->headers_in.content_length_n);
(void) ngx_http_discard_request_body(r);
ngx_http_finalize_request(r, NGX_HTTP_REQUEST_ENTITY_TOO_LARGE);
return NGX_OK;
}
*To:*
if (r->headers_in.content_length_n != -1
&& !r->discard_body
&& clcf->client_max_body_size
&& clcf->client_max_body_size < r->headers_in.content_length_n)
{
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"client intended to send too large body: %O bytes",
r->headers_in.content_length_n);
* ngx_connection_t* connection = r->connection;
ngx_http_finalize_request(r, NGX_DONE);
ngx_close_connection(connection);*
return NGX_OK;
}
Is that cover all or more changes are needed?
Thanks
Hagai
--
*Hagai Avrahami*
Qwilt | Work: +972-72-2221644| Mobile: +972-54-4895656 |
hagaia at qwilt.com<yoav at qwilt.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130327/f9d5dcab/attachment.html>
More information about the nginx
mailing list