Rodent of Unusual Size <[EMAIL PROTECTED]> writes:

> About a year ago (I think), Apache added directives
> for limiting what it would accept in a request header:
> o length of request-line
> o maximum number of fields
> o maximum length for any single field

I'm thinking of implementing only two limits for Net::HTTP:

   - max_line_length
   - max_header_lines

These limits seem easier to check with the current code.

The 'max_line_length' will give a limit on both the request-line and
any field lengths.  Since field values can be continued over multiple
lines it will in fact be possible to get fields longer than
'max_line_length'.

Is this good enough or should we use something similar to Apache?

> and also a maximum on the size of the content-body.

We already have that.

Regards,
Gisle

Reply via email to