proxmox-mirrors/pve-http-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-http-server synced 2025-05-01 22:43:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

increase max headers to 64 to cope with modern browsers + proxy combinations

Browse Source 
This is mostly a "do not allow infinity headers" limit in the sense
of "it's good to have limits". With modern browsers and users behind
proxies we may actually get over 30 headers, so increase it for now
to 64 - hopefully enough for another decade ;)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reported-by: Victor Hooi <victorhooi@yahoo.com>
This commit is contained in:
Thomas Lamprecht 2020-07-02 07:54:52 +02:00
parent abef317256
commit e7ee5e3f75
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
PVE/APIServer/AnyEvent.pm
View File

@ -46,7 +46,7 @@ use HTTP::Response;
use Data::Dumper;
use JSON;
my $limit_max_headers = 30;
my $limit_max_headers = 64;
my $limit_max_header_size = 8*1024;
my $limit_max_post = 64*1024;
@ -1184,7 +1184,7 @@ sub unshift_read_header {
eval {
# print "$$: got header: $line\n" if $self->{debug};
die "to many http header lines\n" if ++$state->{count} >= $limit_max_headers;
die "too many http header lines (> $limit_max_headers)\n" if ++$state->{count} >= $limit_max_headers;
die "http header too large\n" if ($state->{size} += length($line)) >= $limit_max_header_size;
my $r = $reqstate->{request};