This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 50e2225569023da561115f36d7d2296618f8e4d8 Author: Masakazu Kitajo <[email protected]> AuthorDate: Fri Jun 7 12:14:20 2024 -0600 Reduce the default size of max header sizes (#11344) (cherry picked from commit 6a0bce679938dcaff949f0f71685094acb777413) --- doc/admin-guide/files/records.yaml.en.rst | 9 ++++----- src/records/RecordsConfig.cc | 6 +++--- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/doc/admin-guide/files/records.yaml.en.rst b/doc/admin-guide/files/records.yaml.en.rst index 62db02ee1f..d5ec92a7b5 100644 --- a/doc/admin-guide/files/records.yaml.en.rst +++ b/doc/admin-guide/files/records.yaml.en.rst @@ -1309,7 +1309,7 @@ allow-plain in a request with the sum of their name and value that exceed this size will cause the entire request to be treated as invalid and rejected by the proxy. -.. ts:cv:: CONFIG proxy.config.http.request_header_max_size INT 131072 +.. ts:cv:: CONFIG proxy.config.http.request_header_max_size INT 32768 :overridable: :reloadable: @@ -1317,7 +1317,7 @@ allow-plain in a request which exceed this size will cause the entire request to be treated as invalid and rejected by the proxy. -.. ts:cv:: CONFIG proxy.config.http.response_header_max_size INT 131072 +.. ts:cv:: CONFIG proxy.config.http.response_header_max_size INT 32768 :overridable: :reloadable: @@ -4448,12 +4448,11 @@ HTTP/2 Configuration Dynamic Table, however, headers still can be encoded as indexable representations. The upper limit is 65536. -.. ts:cv:: CONFIG proxy.config.http2.max_header_list_size INT 131072 +.. ts:cv:: CONFIG proxy.config.http2.max_header_list_size INT 32768 :reloadable: This advisory setting informs a peer of the maximum size of header list - that the sender is prepared to accept blocks. The default value, which is - the unsigned int maximum value in |TS|, implies unlimited size. + that the sender is prepared to accept. .. ts:cv:: CONFIG proxy.config.http2.stream_priority_enabled INT 0 :reloadable: 
diff --git a/src/records/RecordsConfig.cc b/src/records/RecordsConfig.cc
index 81bfd7cf5c..c76d6671af 100644
--- a/src/records/RecordsConfig.cc
+++ b/src/records/RecordsConfig.cc
@@ -533,9 +533,9 @@ static const RecordElement RecordsConfig[] =
 // ############
 // # security #
 // ############
- {RECT_CONFIG, "proxy.config.http.request_header_max_size", RECD_INT, "131072", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
+ {RECT_CONFIG, "proxy.config.http.request_header_max_size", RECD_INT, "32768", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
 ,
- {RECT_CONFIG, "proxy.config.http.response_header_max_size", RECD_INT, "131072", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
+ {RECT_CONFIG, "proxy.config.http.response_header_max_size", RECD_INT, "32768", RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
 ,
 {RECT_CONFIG, "proxy.config.http.push_method_enabled", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
 ,
@@ -1282,7 +1282,7 @@ static const RecordElement RecordsConfig[] =
 ,
 {RECT_CONFIG, "proxy.config.http2.header_table_size", RECD_INT, "4096", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
 ,
- {RECT_CONFIG, "proxy.config.http2.max_header_list_size", RECD_INT, "131072", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
+ {RECT_CONFIG, "proxy.config.http2.max_header_list_size", RECD_INT, "32768", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
 ,
 {RECT_CONFIG, "proxy.config.http2.accept_no_activity_timeout", RECD_INT, "120", RECU_DYNAMIC, RR_NULL, RECC_STR, "^[0-9]+$", RECA_NULL}
 ,
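Review bot: The two entries under the `# security #` banner in the first hunk keep `RECC_NULL, nullptr`, so `proxy.config.http.request_header_max_size` and `proxy.config.http.response_header_max_size` get no load-time validation. By contrast, `proxy.config.http2.max_header_list_size` in the second hunk is checked with `RECC_STR, "^[0-9]+$"`. The commit lowers these limits, but a mistyped or negative override in records.yaml would presumably still be accepted for the two HTTP settings; how the consumers treat such a value is not visible here. Consider giving both entries the same check as the HTTP/2 record, i.e. `RECC_STR, "^[0-9]+$"` in place of `RECC_NULL, nullptr`. The `RecordsConfig[]` initializer starts and ends outside both hunks.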
