1306 remove upper limit on max header size config #1313

Merged
merged 3 commits into from Sep 17, 2016

Conversation

Projects
None yet
3 participants
@tobgu
Contributor

tobgu commented Jul 27, 2016

I re-generated the settings.rst file to reflect the updates made to config.py. Not sure if this was a good idea. Partly because some previous changes (not related to this PR) that were previously not included now got included. Partly because some examples now reflect my personal settings rather than those of @benoitc. I can drop those changes if you want.

Apart from that I'd be happy for any comments!

@benoitc

This comment has been minimized.

Show comment
Hide comment
@benoitc

benoitc Jul 27, 2016

Owner

@tobgu patch is ok. Thanks forit! :)

It would be indeed better to have the doc regeneration outside the settings.py update. Can you make the change?

Owner

benoitc commented Jul 27, 2016

@tobgu patch is ok. Thanks forit! :)

It would be indeed better to have the doc regeneration outside the settings.py update. Can you make the change?

@tobgu

This comment has been minimized.

Show comment
Hide comment
@tobgu

tobgu Jul 28, 2016

Contributor

Sure, no problem. I'm away from computers for a couple of days but will fix it once i get back to a sensible device.

Contributor

tobgu commented Jul 28, 2016

Sure, no problem. I'm away from computers for a couple of days but will fix it once i get back to a sensible device.

@tobgu

This comment has been minimized.

Show comment
Hide comment
@tobgu

tobgu Aug 2, 2016

Contributor

Removed the generated RST.

Contributor

tobgu commented Aug 2, 2016

Removed the generated RST.

@tobgu

This comment has been minimized.

Show comment
Hide comment
@tobgu

tobgu Aug 28, 2016

Contributor

Can this be merged or are there additional things you would like me to update?

Contributor

tobgu commented Aug 28, 2016

Can this be merged or are there additional things you would like me to update?

gunicorn/config.py
- on the allowed size of an HTTP request header field.
+ Value is a positive number or 0. Setting it to 0 will allow unlimited header field sizes.
+
+ Setting this parameter to a very high or unlimited value can open up for DDOS attacks.

This comment has been minimized.

@berkerpeksag

berkerpeksag Sep 17, 2016

Collaborator

Since this is important, we could make it a warning:

.. warning::
   Setting [...]
@berkerpeksag

berkerpeksag Sep 17, 2016

Collaborator

Since this is important, we could make it a warning:

.. warning::
   Setting [...]

This comment has been minimized.

@tobgu

tobgu Sep 17, 2016

Contributor

Yes, fixed!

@tobgu

tobgu Sep 17, 2016

Contributor

Yes, fixed!

.gitignore
@@ -13,3 +13,5 @@ examples/frameworks/pylonstest/PasteScript*
examples/frameworks/pylonstest/pylonstest.egg-info/
examples/frameworks/django/testing/testdb.sql
.tox
+venv

This comment has been minimized.

@berkerpeksag

berkerpeksag Sep 17, 2016

Collaborator

Thank for updating .gitignore, but these can live in your global .gitconfig.

@berkerpeksag

berkerpeksag Sep 17, 2016

Collaborator

Thank for updating .gitignore, but these can live in your global .gitconfig.

This comment has been minimized.

@tobgu

tobgu Sep 17, 2016

Contributor

Added the venv because i figured the Makefile made assumptions about the location of the venv but I've removed that now.

@tobgu

tobgu Sep 17, 2016

Contributor

Added the venv because i figured the Makefile made assumptions about the location of the venv but I've removed that now.

gunicorn/config.py
@@ -793,8 +793,9 @@ class LimitRequestFieldSize(Setting):
desc = """\
Limit the allowed size of an HTTP request header field.
- Value is a number from 0 (unlimited) to 8190. to set the limit
- on the allowed size of an HTTP request header field.
+ Value is a positive number or 0. Setting it to 0 will allow unlimited header field sizes.

This comment has been minimized.

@berkerpeksag

berkerpeksag Sep 17, 2016

Collaborator

Also, please keep line lengths < 80 chars

@berkerpeksag

berkerpeksag Sep 17, 2016

Collaborator

Also, please keep line lengths < 80 chars

This comment has been minimized.

@tobgu

tobgu Sep 17, 2016

Contributor

Fixed!

@tobgu

tobgu Sep 17, 2016

Contributor

Fixed!

@berkerpeksag berkerpeksag merged commit 70cfb0d into benoitc:master Sep 17, 2016

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
@berkerpeksag

This comment has been minimized.

Show comment
Hide comment
@berkerpeksag

berkerpeksag Sep 17, 2016

Collaborator

Thanks!

Collaborator

berkerpeksag commented Sep 17, 2016

Thanks!

fofanov pushed a commit to fofanov/gunicorn that referenced this pull request Mar 16, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment