Verify Content-Length matches request body
Max Rothman
max at edx.org
Thu Mar 12 15:01:46 UTC 2015
Hi,
Is there a way for nginx to verify that the Content-Length header isn't
exceeded by the actual size of the request body?
Context: I'm working on an upload endpoint with a maximum upload size, and
it seems that client_max_body_size only checks the Content-Length header,
not the actual body. Additionally, from my testing it appears that nginx
accepts the entire request body regardless of what the Content-Length is
set to. I
want to be able to defend against a potential slowloris-style attack where
all of my workers could get tied up with overly-large uploads.
Thanks,
Max Rothman