cookie bomb - how to protect?

Valentin V. Bartenev vbart at nginx.com
Sun Jan 19 16:47:47 UTC 2014


On Sunday 19 January 2014 11:06:58 mex wrote:
[..]
> i checked it, and it works, i get the following error back:
> 
> 400 Bad Request
> 
> Request Header Or Cookie Too Large
> 
> my question: is there a generic way to check the size of such headers like
> cookies etc
> and to cut them off, or should we live with such malicious intent? 
> 
[..]

You can include into this "Request Header Or Cookie Too Large" error page
a JS script that will clear cookies.

  wbr, Valentin V. Bartenev



More information about the nginx mailing list