Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 9275:199dc0d6b05b
Added max_headers directive.
The directive limits the number of request headers accepted from clients.
While the total amount of headers is believed to be sufficiently limited
by the existing buffer size limits (client_header_buffer_size and
large_client_header_buffers), the additional limit on the number of headers
might be beneficial to better protect backend servers.
Requested by Maksim Yevmenkin.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 24 May 2024 00:20:01 +0300 |
| parents | f798ecafec05 |
| children |
comparison
equal
deleted
inserted
replaced
| 9274:46ecad404a29 | 9275:199dc0d6b05b |
|---|---|
| 250 ngx_conf_set_bufs_slot, | 250 ngx_conf_set_bufs_slot, |
| 251 NGX_HTTP_SRV_CONF_OFFSET, | 251 NGX_HTTP_SRV_CONF_OFFSET, |
| 252 offsetof(ngx_http_core_srv_conf_t, large_client_header_buffers), | 252 offsetof(ngx_http_core_srv_conf_t, large_client_header_buffers), |
| 253 NULL }, | 253 NULL }, |
| 254 | 254 |
| 255 { ngx_string("max_headers"), | |
| 256 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 257 ngx_conf_set_num_slot, | |
| 258 NGX_HTTP_SRV_CONF_OFFSET, | |
| 259 offsetof(ngx_http_core_srv_conf_t, max_headers), | |
| 260 NULL }, | |
| 261 | |
| 255 { ngx_string("ignore_invalid_headers"), | 262 { ngx_string("ignore_invalid_headers"), |
| 256 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 263 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
| 257 ngx_conf_set_flag_slot, | 264 ngx_conf_set_flag_slot, |
| 258 NGX_HTTP_SRV_CONF_OFFSET, | 265 NGX_HTTP_SRV_CONF_OFFSET, |
| 259 offsetof(ngx_http_core_srv_conf_t, ignore_invalid_headers), | 266 offsetof(ngx_http_core_srv_conf_t, ignore_invalid_headers), |
| 3461 | 3468 |
| 3462 cscf->connection_pool_size = NGX_CONF_UNSET_SIZE; | 3469 cscf->connection_pool_size = NGX_CONF_UNSET_SIZE; |
| 3463 cscf->request_pool_size = NGX_CONF_UNSET_SIZE; | 3470 cscf->request_pool_size = NGX_CONF_UNSET_SIZE; |
| 3464 cscf->client_header_timeout = NGX_CONF_UNSET_MSEC; | 3471 cscf->client_header_timeout = NGX_CONF_UNSET_MSEC; |
| 3465 cscf->client_header_buffer_size = NGX_CONF_UNSET_SIZE; | 3472 cscf->client_header_buffer_size = NGX_CONF_UNSET_SIZE; |
| 3473 cscf->max_headers = NGX_CONF_UNSET_UINT; | |
| 3466 cscf->ignore_invalid_headers = NGX_CONF_UNSET; | 3474 cscf->ignore_invalid_headers = NGX_CONF_UNSET; |
| 3467 cscf->merge_slashes = NGX_CONF_UNSET; | 3475 cscf->merge_slashes = NGX_CONF_UNSET; |
| 3468 cscf->underscores_in_headers = NGX_CONF_UNSET; | 3476 cscf->underscores_in_headers = NGX_CONF_UNSET; |
| 3469 | 3477 |
| 3470 cscf->file_name = cf->conf_file->file.name.data; | 3478 cscf->file_name = cf->conf_file->file.name.data; |
| 3501 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 3509 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
| 3502 "the \"large_client_header_buffers\" size must be " | 3510 "the \"large_client_header_buffers\" size must be " |
| 3503 "equal to or greater than \"connection_pool_size\""); | 3511 "equal to or greater than \"connection_pool_size\""); |
| 3504 return NGX_CONF_ERROR; | 3512 return NGX_CONF_ERROR; |
| 3505 } | 3513 } |
| 3514 | |
| 3515 ngx_conf_merge_uint_value(conf->max_headers, prev->max_headers, 1000); | |
| 3506 | 3516 |
| 3507 ngx_conf_merge_value(conf->ignore_invalid_headers, | 3517 ngx_conf_merge_value(conf->ignore_invalid_headers, |
| 3508 prev->ignore_invalid_headers, 1); | 3518 prev->ignore_invalid_headers, 1); |
| 3509 | 3519 |
| 3510 ngx_conf_merge_value(conf->merge_slashes, prev->merge_slashes, 1); | 3520 ngx_conf_merge_value(conf->merge_slashes, prev->merge_slashes, 1); |