> > Okay. I'll set it to 8k then. I had difficulty finding any docs in the > nginx > end. There's no negotiation step in the protocol where this limit could > have > been agreed upon between nginx and uWSGI?
no :( > >> If you are asking yourself why such limits exist, take in accounts >> headers >> must be available for the whole request management, so you have to put >> them in memory. Now just immagine an evil-users send a request with >> thousand of headers :) > > I was sort of expecting this - but don't you think the appropriate setting > should have a more suggestive name then, like max-request-header-size? that buffer does not maintains only headers information, it is used for a lot more things > also > worries me a bit that a normal user can hit this limit with normal size > URLs, > although apparently a bunch of cookies. > > I'm not sure why he had so big cookies, it was a left-over from their old > CMS > system made by someone else, but IIRC up to 4k cookies is considered okay > by > browsers. I am generally scared too about such big requests, normally they happens on frameworks storing a lot of user informations in cookies or with browsers passing lot of additional infos (i have found such questionable behaviour expecially on proxies). By the way i had never needed to raise it over 8k -- Roberto De Ioris http://unbit.it _______________________________________________ uWSGI mailing list [email protected] http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
