cookie bomb - how to protect?
Valentin V. Bartenev
vbart at nginx.com
Sun Jan 19 16:47:47 UTC 2014
On Sunday 19 January 2014 11:06:58 mex wrote:
[..]
> i checked it, and it works, i get the following error back:
>
> 400 Bad Request
>
> Request Header Or Cookie Too Large
>
> my question: is there a generic way to check the size of such headers like
> cookies etc
> and to cut them off, or should we live with such malicious intent?
>
[..]
You can include into this "Request Header Or Cookie Too Large" error page
a JS script that will clear cookies.
wbr, Valentin V. Bartenev
More information about the nginx
mailing list