Re: How to block POST requests?

Calomel,

Only allow GET and HEAD request methods

if ($request_method !~ ^(GET|HEAD)$ ) {
    return 444;   # close the connection without sending a response
}

Regarding the above - no one should ever do a POST operation to our
site. However since the above check can slow things down a tad (someone
said as much as 15% compared to other methods), I was thinking to
instead simply use:

client_max_body_size 1k;   # takes a single size argument

Well, I will use that in any event. However I’m wondering then if the
request_method check above is then even worth it. If someone is going
to use POST the most they could do is 1KB so perhaps the
large_client_header_buffer is enough protection for that and not worth
adding slight overhead on the request_type check. What do you think?

Also I am trying to see if I understand something properly from your
excellent website article… If I use this:
large_client_header_buffers 2 4k;

Does that mean that a request URI that comes in can be up to 8KB in
size? Or does it mean it can only be up to 4KB? I was a bit confused by
the text for this on your site. You said "is the limit of the URI
request line, which can not be larger than the size of ONE buffer." I wasn't
sure if you meant one buffer because that is what you were using in your
example, or if it is indeed limited to one?

In our case most of the query strings we get will be small. However
some can be up to 4-6KB in size. What do you recommend - using
…_buffers 2 4k; or …_buffers 1 8k; etc?

Thanks!

RT,

Igor would probably have more accurate information, but the regular
expression should be more efficient than accepting a stream of data up
to 1k and closing the connection. (client_max_body_size 1k 1k;)

As I understand it you have two (2) buffers of the size 4k. This should
mean you will accept up to 8K of data. (large_client_header_buffers 2
4k;) I will change the wording on my site to make it a bit clearer.

I am not sure what would be more efficient, 2x4k or 1x8k buffers. I am
going to guess that if you had a data size of less than 4K then you
would only need to set up one small buffer. But, if you had 8K of data
then there would be more overhead setting up two 4k buffers compared to
one 8k buffer. I am not really sure it makes that much difference since
the sizes are so small.

Does anyone else have any insights?


Calomel @ https://calomel.org
Open Source Research and Reference
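An added example (not from either poster or from calomel.org) that puts the three directives discussed in this thread into one server block, with the semantics nginx documents for each. The server name and root path are placeholders. Two points worth having in the config itself: client_max_body_size takes a single size argument, and large_client_header_buffers "2 4k" does not give a single request line 8k, because nginx requires the request line, and likewise each individual header field, to fit within one buffer (a 414 or 400 is returned otherwise); the two buffers together cap the total header size at roughly 8k.

```nginx
# Added example: combines the directives from the thread. Names/paths are placeholders.
server {
    listen      80;
    server_name example.com;          # placeholder

    # N buffers of SIZE. Request line and any single header field must each
    # fit in ONE buffer (414 / 400 otherwise). "2 4k": ~8k headers total,
    # but a request URI of at most 4k. For 4-6KB query strings use 1 8k
    # or 2 8k rather than 2 4k.
    large_client_header_buffers 2 4k;

    # Single size argument. Bodies over 1k are rejected with 413 before
    # being read in full, so this alone does not stop a POST from arriving.
    client_max_body_size 1k;

    # Drop anything that is not GET or HEAD. 444 closes the connection
    # without a response; the check is a simple regex on one variable.
    if ($request_method !~ ^(GET|HEAD)$ ) {
        return 444;
    }

    location / {
        root /var/www/example;        # placeholder
    }
}
```

If a 403 is acceptable instead of a silent close, the same restriction can be expressed without an if-block using limit_except inside the location (limit_except GET { deny all; } also permits HEAD), which is the form the nginx documentation recommends over if.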