request body and client_body_buffer_size
Maxim Dounin
mdounin at mdounin.ru
Sat Sep 14 19:23:22 UTC 2013
Hello!
On Sat, Sep 14, 2013 at 11:15:39AM -0700, Jeroen Ooms wrote:
> @ Maxim Dounin
>
> Thanks! This is very helpful. I have also set:
>
> client_body_buffer_size 1m;
>
> Could this setting have any side effects? I am not expecting too many
> large POST request. From what I read, client_body_buffer_size is
> actually the maximum amount of memory allocated. Does this mean that
> for small requests (e.g. without a body) there is no additional
> overhead introduced by raising this value?
Yes, it's not allocated if there is no request body, and only
needed buffer is allocated if a request body is known to be
smaller. On the other hand, it can be used as a DoS vector if an
attacker is allowed to open many connections but you can't afford
them all to allocate client_body_buffer_size buffer.
Additionally, using such a big $request_body in proxy_cache_key
implies various overheads. In particular, proxy_buffer_size should
be set big enough to be able to contain cache header with a key.
Not even talking about reading/writing cache files with such keys.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx
mailing list