0.13.2
Important Changes
- HTTP/1.1 and HTTP/2 now have a 256 MiB default request body cap. Previously HTTP/1.1 and HTTP/2 had no body size limit. Operators handling >256 MiB uploads via HTTP/1.1 or HTTP/2 must explicitly set
request_max_body_sizeto a larger value in the top-level config; setrequest_max_body_size = 0or"unlimited"for no limit; human-readable suffixes ("256k","10m","1g") are also accepted. The HTTP/3 default is unchanged. The previousexperimental.h3.request_max_body_sizekey continues to work as a deprecated override for the HTTP/3 streaming body-size limit only (pre-flight Content-Length checks still use the top-level key) and emits a deprecation warning on config load/reload; it will be removed in 0.14.0.
Bugfix
- Fix: enforce a request body size limit on HTTP/1.1 and HTTP/2. Previously rpxy enforced
request_max_body_sizeonly on HTTP/3; a client could stream arbitrarily many request body bytes via HTTP/1.1 or HTTP/2 with no proxy-side bound, allowing a denial-of-service via unbounded request bodies. The same limit (default 256 MiB, matching the previous HTTP/3-only default) now applies to all three protocols, configurable via a new top-levelrequest_max_body_sizeTOML key. Oversize requests with a knownContent-Lengthare rejected up front with413 Payload Too Largebefore any upstream contact (HTTP/1.x responses includeConnection: closeso the unread body bytes are not fed into a recycled connection; HTTP/2 and HTTP/3 close the affected stream in-band); oversize chunked / streamed bodies are detected mid-flight by a per-request body adapter which emits oneerror!log line of the form "Request body exceeded limit: received N bytes, maximum allowed M" and surfaces to the client as an upstream-forwarder error (typically 502) or a connection drop, with the log line identifying the cause. HTTP/3's pre-existing streaming-overrun behaviour is preserved; HTTP/3 also newly gets the CL-known 413 pre-flight by routing through the unified handler entry. The internal representation moved fromusizetoOption<usize>(None= unlimited). The top-levelrequest_max_body_size = 0now maps to unlimited (None); the deprecatedexperimental.h3.request_max_body_size = 0remainsSome(0)for backward compatibility. - Fix: validate obfuscated nodenames in
Forwarded for=values per RFC 7239. rpxy now rejects invalidobfnodevalues instead of storing and re-emitting them into generatedForwardedheaders. The same ABNF guard is shared with obfuscated ports, keeping both obfuscatedfor=components valid-by-construction before the writer serializes them.
Improvement
- UX:
request_max_body_sizenow accepts human-readable size strings and an explicit unlimited mode. The top-levelrequest_max_body_sizeTOML key accepts an integer (bytes), a string with a binary suffix ("256k","10m","1g"), or0/"unlimited"to disable the top-level/default limit. Existing positive integer configs continue to work unchanged (top-level0now maps to unlimited in this unreleased cycle). A config-load warning is emitted when the top-level/default limit is disabled. The deprecatedexperimental.h3.request_max_body_sizekey remains integer-only for backward compatibility. - Nits: clean up in-source TODO comments. Empty or stale markers were removed, Japanese-only notes were translated, and the remaining future-work comments were clarified without changing runtime behavior.
- Refactor: clear scoped Clippy carry-over warnings in the forwarding-header and hop-header helpers. The cleanup reshapes nested control flow, fixes doc-comment placement, and adds direct
Upgradeextraction tests without changing header parsing or proxy behavior. - Refactor: remove an unused sticky-cookie duration getter. The stored sticky-cookie duration is still used when generating
Set-Cookiemetadata, and the current cookie lifetime behavior is unchanged. - Refactor: replace the hard-coded sticky-cookie duration with a named constant and add a defensive validation guard. The 300-second default is now
STICKY_COOKIE_DURATION_SECS, andStickyCookieConfig::try_newrejects non-positive durations at build time. No behavior change.
What's Changed
- feat(tls): enable stateless session tickets for non-mTLS apps and disable server-side TLS session caching by @junkurihara in #603
- perf(headers): remove hop-by-hop headers via pre-built HeaderName constants by @junkurihara in #604
- perf(logging): skip building the access-log record when no line can be emitted by @junkurihara in #605
- perf(headers): compute the authoritative request host once per request by @junkurihara in #606
- perf(headers): assemble forwarding-header output in single buffers by @junkurihara in #607
- perf(headers): format IPv4 in forwarding headers via itoa instead of core::fmt by @junkurihara in #608
- perf(headers): skip Cookie header rebuild when there is nothing to merge by @junkurihara in #609
- perf(headers): precompute the upstream Host header value instead of rebuilding per request by @junkurihara in #610
- perf(headers): read forwarding headers by borrowing instead of join-then-resplit by @junkurihara in #611
- refactor(headers): dispatch upstream options by set membership instead of a loop+match by @junkurihara in #612
- perf(sticky-cookie): precompute cookie name prefix and stop owning every sticky token by @junkurihara in #613
- refactor(sticky-cookie): parse token via split_once('=') instead of collecting an '=' split by @junkurihara in #614
- refactor(name_exp): render ServerName via Display instead of TryInto roundtrip by @junkurihara in #615
- Feat/inspect parse host simplify by @junkurihara in #616
- fix(message_handler): detect TE: trailers token case-insensitively (RFC 9110) by @junkurihara in #617
- refactor(hop): take Connection out of HeaderMap upfront in remove_connection_header by @junkurihara in #618
- fix(forwarding): parse Forwarded for= node-port per RFC 7239 6 (port / obfport) by @junkurihara in #619
- 0.13.1 by @junkurihara in #620
- Merge pull request #620 from junkurihara/develop by @junkurihara in #621
- fix: fix for copilot comments by @junkurihara in #623
- fix(message_handler): enforce request body size limit on h1/h2 by @junkurihara in #622
- fix(forwarding): Fix Forwarded obfuscated nodename validation by @junkurihara in #624
- chore(todo): cleanup todo comments by @junkurihara in #625
- fix: fix for copilot comments by @junkurihara in #626
- feat(clippy): carryover-cleanup by @junkurihara in #627
- chore(refactor): sticy cookie duration has been removed by @junkurihara in #628
- chore(refactor): fix some internal constants by @junkurihara in #629
- fix: rework on max_body_size by @junkurihara in #630
- 0.13.2 by @junkurihara in #631
Full Changelog: 0.13.0...0.13.2