Rodent of Unusual Size <[EMAIL PROTECTED]> writes:

> About a year ago (I think), Apache added directives
> for limiting what it would accept in a request header:
> o length of request-line
> o maximum number of fields
> o maximum length for any single field

I'm thinking of implementing only two limits for Net::HTTP:

   - max_line_length
   - max_header_lines

These limits seem easier to check with the current code.

The 'max_line_length' will give a limit on both the request-line and
any field lengths.  Since field values can be continued over multiple
lines it will in fact be possible to get fields longer than

Is this good enough or should we use something similar to Apache?

> and also a maximum on the size of the content-body.

We already have that.


Reply via email to