kangle 请求控制中,利用正则表达式匹配url长度不允许超过2048的方法,http协议规范原文255限制,设置414状态码返回
kangle 请求控制中,利用正则表达式匹配url长度不允许超过2048的方法,http协议规范原文255限制,设置414状态码返回新创建表单,url模块,目标拒绝即可
url匹配内容为
^(.{2049,})$
代表最大长度为2048,超过则进行403拒绝访问(建议根据下发增加414状态码返回)
url匹配内容为
^(.{256,})$
rewrite标记模块path值为(.*)code值为414
代表最大长度为255,超过则进行414拒绝访问(遵守协议规范返回414状态码)
配置文件例如
<chainaction='deny' >
<acl_urlnc='1'><!]></acl_url>
<mark_rewrite path='(.*)' dst='' internal='0' nc='1' code='414'></mark_rewrite>
</chain>
http协议规范原文
// https://www.ietf.org/rfc/rfc2616.txt
3.2.1 General Syntax
The HTTP protocol does not place any a priori limit on the length of
a URI. Servers MUST be able to handle the URI of any resource they
serve, and SHOULD be able to handle URIs of unbounded length if they
provide GET-based forms that could generate such URIs. A server
SHOULD return 414 (Request-URI Too Long) status if a URI is longer
than the server can handle (see section 10.4.15).
Note: Servers ought to be cautious about depending on URI lengths
above 255 bytes, because some older client or proxy
implementations might not properly support these lengths.
标{:3018:}
页:
[1]