Mercurial > hg > nginx
view conf/scgi_params @ 9240:f3df785649ae
Request body: limited chunk extensions and trailer headers.
Previously, arbitrary amounts of chunk extensions and trailer headers were
accepted and skipped. Despite being under limit_conn / limit_req limits
(if configured), this can be a DoS vector, so it is now limited by the
client_max_body_size limit.
Reported by Bartek Nowotarski.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 30 Mar 2024 05:09:35 +0300 |
parents | 62869a9b2e7d |
children |
line wrap: on
line source
scgi_param REQUEST_METHOD $request_method; scgi_param REQUEST_URI $request_uri; scgi_param QUERY_STRING $query_string; scgi_param CONTENT_TYPE $content_type; scgi_param DOCUMENT_URI $document_uri; scgi_param DOCUMENT_ROOT $document_root; scgi_param SCGI 1; scgi_param SERVER_PROTOCOL $server_protocol; scgi_param REQUEST_SCHEME $scheme; scgi_param HTTPS $https if_not_empty; scgi_param REMOTE_ADDR $remote_addr; scgi_param REMOTE_PORT $remote_port; scgi_param SERVER_PORT $server_port; scgi_param SERVER_NAME $server_name;