dsouza93 opened a new issue #5244: URL: https://github.com/apache/trafficcontrol/issues/5244
## I'm submitting a ...
- new feature / enhancement request

## Traffic Control components affected ...
- Documentation
- Traffic Ops
- Traffic Ops ORT
- Traffic Portal

## Current behavior:
Currently, ATS' request_header_max_size is only configurable globally. It is not set on a per delivery service basis. Delivery service owners should have the ability to increase their header_max_size above the global limit if their origin is capable of handling that request and it is required for their delivery lane.

## New behavior:
It would be ideal if Request Max Header Size was an additional configurable value in the Delivery Service config and integrated into Traffic Portal as a field. The request_header_max_size value is not overridable using header rewrite, so ATC would likely need to configure ATS under the hood by injecting:

```
cond %{REMAP_PSEUDO_HOOK}
cond %<cqhl> > {Configured Value in Bytes}
set-status 400
```

into the delivery service's header rewrite. It is also worth noting that we would keep the global variable in play, set higher than our default as a last line of defense.

If the Delivery service configured value is higher than the global, it will be useless as the global takes precedence. It would be nice if either the Portal or TO could prevent the user from that misconfiguration.
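Added example, not part of the original issue and not Traffic Control code: one way the requested guard could work, rejecting a per-delivery-service limit that exceeds the global one and otherwise rendering the rule lines exactly as the issue proposes them. All function and variable names and the sample byte values are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical names: neither Traffic Ops nor ORT defines these.
var (
	ErrNotPositive   = errors.New("max request header size must be a positive number of bytes")
	ErrExceedsGlobal = errors.New("delivery service limit exceeds the global limit and would never take effect")
)

// ValidateDSMaxHeaderSize checks a per-delivery-service limit against the
// global ATS limit. A nil dsLimit means the field is unset (global only).
func ValidateDSMaxHeaderSize(dsLimit *int, globalLimit int) error {
	if dsLimit == nil {
		return nil
	}
	if *dsLimit <= 0 {
		return ErrNotPositive
	}
	if *dsLimit > globalLimit {
		return fmt.Errorf("%w: %d > %d", ErrExceedsGlobal, *dsLimit, globalLimit)
	}
	return nil
}

// HeaderRewriteRule returns the lines to inject into the delivery service's
// header rewrite, in the form given in the issue, or "" when no limit is set.
func HeaderRewriteRule(dsLimit *int, globalLimit int) (string, error) {
	if err := ValidateDSMaxHeaderSize(dsLimit, globalLimit); err != nil {
		return "", err
	}
	if dsLimit == nil {
		return "", nil
	}
	return fmt.Sprintf("cond %%{REMAP_PSEUDO_HOOK}\ncond %%<cqhl> > %d\nset-status 400\n", *dsLimit), nil
}

func main() {
	global := 262144 // constructed sample value for the global limit
	for _, v := range []int{131072, 524288} {
		v := v
		rule, err := HeaderRewriteRule(&v, global)
		fmt.Printf("limit=%d err=%v\n%s", v, err, rule)
	}
}
```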
