Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
net/http: optional Request-line length limit #15494
Using net/http ReverseProxy server and encountering cases where it would be ideal to reject HTTP requests that exceed a request-line greater than some configurable value.
According to the RFC and request-line:
there is no predefined limit on the request line size, so the http server in go is doing the right thing.
However scenarios such as plain old invalid requests or potentially malicious requests with large payloads, it would be ideal to have the option to cap the request-line and return a 400 - Bad Request.
Any thoughts on potentially providing optional support to have a max length request line?
One last question, would you be open to having a separate
The problem I am having right now is coming up with a value that works for both headers vs. request line.
I'd also be happy to submit a contribution to help.