Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit the size of requests #52

Open
xvjau opened this issue Apr 5, 2018 · 1 comment
Open

Limit the size of requests #52

xvjau opened this issue Apr 5, 2018 · 1 comment

Comments

@xvjau
Copy link
Contributor

xvjau commented Apr 5, 2018

As a security measure, we need to limit the amount of bytes per request, so an attacker cannot, easily, perform a DoS attack by simply sending and excessive number of headers or multiple-gigabyte requests.

Ideally, a preset limit in the number of HTTP-Headers that the parser will receive before dropping the request can be implemented. The user could optionally pass a custom limit when instantiating the template.
@vinipsmaker
Copy link
Member

I can provide a custom settings object which you can use with the numbers/limits you want.

It'd be a settings in the same sense as this one:

boost.http/example/spawn-settings.cpp

Line 232 in ea7aa01

http::basic_buffered_socket<asio::ip::tcp::socket, socket_settings> socket;

You just fill in the numbers you want to configure the limits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vinipsmaker @xvjau