[erlang-questions] 8k limit on gen_tcp:recv?

Bob Ippolito bob@REDACTED
Thu Mar 11 01:14:40 CET 2010


At some point you have to give up on parsing a long URL to prevent a
denial of service attack. I don't know if that limit is documented or
configurable; I haven't recently looked at the code that handles
parsing HTTP requests.

I'm sure someone knows about it, but it's definitely not something
everyone knows.

Is there a use case for such a long URL? Most browsers and servers
have some kind of limit (2038 for IE, 8190 for Apache 2.2 by default,
16k for IIS, ...). 8k might be a little conservative, but how far do
you really want to go?

On Wed, Mar 10, 2010 at 3:57 PM, Rachel Willmer <rwillmer@REDACTED> wrote:
> I'll add the test case tomorrow morning, it is 100% repeatable.
>
> From what I could see from the response from gen_tcp:recv, it's just
> returning an error, not a continuation response, so I don't think
> there's anything for mochiweb to handle.
>
> But yes, I will add the test case and the diagnostic tomorrow. Just
> wanted to check now that this wasn't already a known issue/limitation.
>
> Rachel
>
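
The bounded read discussed in this thread, as an added example (not code from mochiweb, OTP, or either poster): a request-line reader that stops buffering once a caller-chosen cap is exceeded and answers 414. The module name, the `Max` parameter, the timeout, and a passive socket opened with `[binary, {packet, raw}, {active, false}]` are assumptions.

```erlang
%% Added example; not mochiweb or OTP code. Names and limits are assumed.
-module(bounded_request_line).
-export([read/2, scan/2]).

-define(RECV_TIMEOUT, 5000).  % assumed per-recv timeout in ms
-define(RESP_414, <<"HTTP/1.1 414 Request-URI Too Long\r\nConnection: close\r\nContent-Length: 0\r\n\r\n">>).

%% Read one CRLF-terminated request line of at most Max bytes from a
%% passive, binary, raw-mode socket. Returns {ok, Line, Rest},
%% {error, too_long}, or {error, Reason} from gen_tcp:recv/3.
read(Socket, Max) ->
    read(Socket, Max, <<>>).

read(Socket, Max, Acc) ->
    case scan(Acc, Max) of
        {ok, Line, Rest} ->
            {ok, Line, Rest};
        {error, too_long} ->
            %% Give up here rather than keep buffering attacker-sized input.
            _ = gen_tcp:send(Socket, ?RESP_414),
            {error, too_long};
        more ->
            case gen_tcp:recv(Socket, 0, ?RECV_TIMEOUT) of
                {ok, Data}      -> read(Socket, Max, <<Acc/binary, Data/binary>>);
                {error, Reason} -> {error, Reason}
            end
    end.

%% Pure check on the bytes buffered so far, so the limit logic can be
%% exercised without a socket.
scan(Buf, Max) ->
    case binary:match(Buf, <<"\r\n">>) of
        {Pos, 2} when Pos =< Max ->
            <<Line:Pos/binary, _:2/binary, Rest/binary>> = Buf,
            {ok, Line, Rest};
        {_Pos, 2} ->
            {error, too_long};
        %% Max + 1 allows for a trailing "\r" whose "\n" has not arrived yet.
        nomatch when byte_size(Buf) > Max + 1 ->
            {error, too_long};
        nomatch ->
            more
    end.
```

Memory held per connection is bounded by `Max` plus one receive buffer, and the timeout bounds how long a slow sender can hold the connection between reads.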

