Limit size of request body

This commit is contained in:
Unrud 2016-06-10 14:34:52 +02:00
parent b55d2181ed
commit e438d9fd4b
3 changed files with 10 additions and 0 deletions

3
config
View File

@ -24,6 +24,9 @@
# File storing the PID in daemon mode # File storing the PID in daemon mode
#pid = #pid =
# Max size of request body (bytes)
#max_content_length = 10000000
# Socket timeout (seconds) # Socket timeout (seconds)
#timeout = 10 #timeout = 10

View File

@ -301,6 +301,12 @@ class Application:
# Get content # Get content
content_length = int(environ.get("CONTENT_LENGTH") or 0) content_length = int(environ.get("CONTENT_LENGTH") or 0)
if content_length: if content_length:
max_content_length = self.configuration.getint(
"server", "max_content_length")
if max_content_length and content_length > max_content_length:
self.logger.debug(
"Request body too large: %d", content_length)
return response(client.REQUEST_ENTITY_TOO_LARGE)
try: try:
content = self.decode( content = self.decode(
environ["wsgi.input"].read(content_length), environ) environ["wsgi.input"].read(content_length), environ)

View File

@ -34,6 +34,7 @@ INITIAL_CONFIG = {
"hosts": "0.0.0.0:5232", "hosts": "0.0.0.0:5232",
"daemon": "False", "daemon": "False",
"pid": "", "pid": "",
"max_content_length": "10000000",
"timeout": "10", "timeout": "10",
"ssl": "False", "ssl": "False",
"certificate": "/etc/apache2/ssl/server.crt", "certificate": "/etc/apache2/ssl/server.crt",