[Varnish] #701: Parameters to limit URI / header sizes

Varnish varnish-bugs at varnish-cache.org
Wed Feb 23 12:33:30 CET 2011 

#701: Parameters to limit URI / header sizes
------------------------------------------------+---------------------------
 Reporter:  slink                               |        Owner:  phk    
     Type:  enhancement                         |       Status:  closed 
 Priority:  normal                              |    Milestone:         
Component:  varnishd                            |      Version:  trunk  
 Severity:  normal                              |   Resolution:  invalid
 Keywords:  max_hdr_len max_uri_len limit size  |  
------------------------------------------------+---------------------------

Old description:

> There still exist various scenarios where varnish may panic on failed
> assertions when the session workspace gets overflowed. A prominent case
> is extensive header/URI processing involving creation of (multiple)
> copies on the workspace.
> To ensure stable operation, the workspace needs to be sized based on
> maximum values for URI / header sizes.
> Thus, I am proposing to add respective limits.
>
> The attached patch will add two parameters:
>
>  * max_hdr_len to limit the total size for request and response headers
> (as received from backends), excluding the request/status line, but
> including the terminal CRLF
>  * max_uri_len to limit the total size of the request URI as received
> from clients
>
> The latter limit is probably already implied for most installations by
> backend servers' limits, so it seems sensible to make the respective
> check early in the processing chain.
>
> Thanks, Nils

New description:

 There still exist various scenarios where varnish may panic on failed
 assertions when the session workspace gets overflowed. A prominent case is
 extensive header/URI processing involving creation of (multiple) copies on
 the workspace.
 To ensure stable operation, the workspace needs to be sized based on
 maximum values for URI / header sizes.
 Thus, I am proposing to add respective limits.

 The attached patch will add two parameters:

  * max_hdr_len to limit the total size for request and response headers
 (as received from backends), excluding the request/status line, but
 including the terminal CRLF
  * max_uri_len to limit the total size of the request URI as received from
 clients

 The latter limit is probably already implied for most installations by
 backend servers' limits, so it seems sensible to make the respective check
 early in the processing chain.

 Thanks, Nils

--

Comment(by phk):

 I have added some new parameters in
 6edf9c379ed0ff20171c87c056730cf9084949b4 which allows you to tune the size
 of the total req/resp and of any individual header *except* the URI, which
 I will leave to VCL to check.

-- 
Ticket URL: <http://www.varnish-cache.org/trac/ticket/701#comment:2>
Varnish <http://varnish-cache.org/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list