This is an automated email from the ASF dual-hosted git repository.

maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 6a0bce6799 Reduce the default size of max header sizes (#11344)
6a0bce6799 is described below

commit 6a0bce679938dcaff949f0f71685094acb777413
Author: Masakazu Kitajo <[email protected]>
AuthorDate: Fri Jun 7 12:14:20 2024 -0600

    Reduce the default size of max header sizes (#11344)
---
 doc/admin-guide/files/records.yaml.en.rst | 9 ++++-----
 src/records/RecordsConfig.cc              | 6 +++---
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/doc/admin-guide/files/records.yaml.en.rst 
b/doc/admin-guide/files/records.yaml.en.rst
index 606118592d..19b3d0dc97 100644
--- a/doc/admin-guide/files/records.yaml.en.rst
+++ b/doc/admin-guide/files/records.yaml.en.rst
@@ -1309,7 +1309,7 @@ allow-plain
    in a request with the sum of their name and value that exceed this size 
will cause the
    entire request to be treated as invalid and rejected by the proxy.
 
-.. ts:cv:: CONFIG proxy.config.http.request_header_max_size INT 131072
+.. ts:cv:: CONFIG proxy.config.http.request_header_max_size INT 32768
    :overridable:
    :reloadable:
 
@@ -1317,7 +1317,7 @@ allow-plain
    in a request which exceed this size will cause the entire request to be
    treated as invalid and rejected by the proxy.
 
-.. ts:cv:: CONFIG proxy.config.http.response_header_max_size INT 131072
+.. ts:cv:: CONFIG proxy.config.http.response_header_max_size INT 32768
    :overridable:
    :reloadable:
 
@@ -4454,12 +4454,11 @@ HTTP/2 Configuration
    Dynamic Table, however, headers still can be encoded as indexable
    representations. The upper limit is 65536.
 
-.. ts:cv:: CONFIG proxy.config.http2.max_header_list_size INT 131072
+.. ts:cv:: CONFIG proxy.config.http2.max_header_list_size INT 32768
    :reloadable:
 
    This advisory setting informs a peer of the maximum size of header list
-   that the sender is prepared to accept blocks. The default value, which is
-   the unsigned int maximum value in |TS|, implies unlimited size.
+   that the sender is prepared to accept.
 
 .. ts:cv:: CONFIG proxy.config.http2.stream_priority_enabled INT 0
    :reloadable:
diff --git a/src/records/RecordsConfig.cc b/src/records/RecordsConfig.cc
index 4673cdebc6..5e580819bd 100644
--- a/src/records/RecordsConfig.cc
+++ b/src/records/RecordsConfig.cc
@@ -533,9 +533,9 @@ static const RecordElement RecordsConfig[] =
   //        ############
   //        # security #
   //        ############
-  {RECT_CONFIG, "proxy.config.http.request_header_max_size", RECD_INT, 
"131072", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
+  {RECT_CONFIG, "proxy.config.http.request_header_max_size", RECD_INT, 
"32768", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.http.response_header_max_size", RECD_INT, 
"131072", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
+  {RECT_CONFIG, "proxy.config.http.response_header_max_size", RECD_INT, 
"32768", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.http.push_method_enabled", RECD_INT, "0", 
RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
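Review bot: The two rewritten entries for `proxy.config.http.request_header_max_size` and `proxy.config.http.response_header_max_size` still carry `RECC_NULL, nullptr`, so no check pattern is attached to these limits, while the HTTP/2 header limit in the second hunk of this file uses `RECC_STR, "^[0-9]+$"`. Since they sit under the `# security #` banner and bound how much header data the proxy accepts, I would give them the same check, i.e. end each entry with `RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}`. How a negative or non-numeric value is handled today is not visible in this hunk, so that part should be confirmed against the record loader. A short comment above the pair, such as `// 32 KiB default; requests/responses whose headers exceed this are rejected`, would also record why the value was lowered. The `RecordsConfig[]` array starts and ends outside the hunk.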
@@ -1284,7 +1284,7 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.http2.header_table_size", RECD_INT, "4096", 
RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.http2.max_header_list_size", RECD_INT, "131072", 
RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
+  {RECT_CONFIG, "proxy.config.http2.max_header_list_size", RECD_INT, "32768", 
RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
   {RECT_CONFIG, "proxy.config.http2.accept_no_activity_timeout", RECD_INT, 
"120", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
   ,
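Review bot: Nothing on the changed `proxy.config.http2.max_header_list_size` entry says that its new default of `"32768"` is meant to track `proxy.config.http.request_header_max_size`, which the first hunk of this file sets to the same value. The documentation hunk describes this record as an advisory setting sent to the peer, so if an operator raises one limit and not the other, the advertised size and the size actually enforced may diverge; whether that is the case depends on code outside this diff. I would add a comment above the entry, for example `// Advisory limit sent to HTTP/2 peers; keep in step with proxy.config.http.request_header_max_size`. The check pattern `"^[0-9]+$"` also accepts `0` and arbitrarily large numbers, so it may be worth stating in the docs what those values mean now that the "implies unlimited" sentence has been removed. The `RecordsConfig[]` array continues outside the hunk.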
