Calomel,
Only allow GET and HEAD request methods
if ($request_method !~ ^(GET|HEAD)$ ) { return 444; }
Regarding the above - no one should ever do a POST operation to our
site. However since the above check can slow things down a tad (someone
said as much as 15% compared to other methods), I was thinking to
instead simply use:
client_max_body_size 1k;
Well, I will use that in any event. However I’m wondering then if the
request_method check above is then even worth it. If someone is going
to use POST the most they could do is 1KB so perhaps the
large_client_header_buffers is enough protection for that and not worth
adding slight overhead on the request_type check. What do you think?
Also I am trying to see if I understand something properly from your
excellent website article… If I use this:
large_client_header_buffers 2 4k;
Does that mean that a request URI that comes in can be up to 8KB in
size, or does it mean it can only be up to 4KB? I was a bit confused by
the text for this on your site. You said "is the limit of the URI
request line which can not be larger than the size of ONE buffer". I wasn’t
sure if you meant one buffer because that is what you were using in your
example, or it is indeed limited to one?
In our case most of the query strings we get will be small. However
some can be up to 4-6KB in size. What do you recommend - using
…_buffers 2 4k; or …_buffers 1 8k; etc?
Thanks!
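
The settings discussed in this message, laid out as an added nginx configuration example that is not part of the original post. It follows the nginx documentation's rule that the request line must fit inside a single large_client_header_buffers buffer; `example.com` and the document root are placeholders.

```nginx
# Added example, not from the original post.
# example.com and /var/www/example are placeholders.
events {}

http {
    # The request line and header fields are read into this buffer first.
    client_header_buffer_size 1k;

    # Used only when the request line or a header field does not fit above.
    # nginx documentation: the request line cannot exceed the size of ONE
    # buffer (otherwise 414), and a single header field cannot exceed one
    # buffer either (otherwise 400). The count does not add up for one line:
    #   large_client_header_buffers 2 4k;   -> request line capped at 4k
    #   large_client_header_buffers 1 8k;   -> request line capped at 8k
    # Query strings of 4-6KB therefore need 8k buffers. Buffers are
    # allocated on demand, so small requests never touch them.
    large_client_header_buffers 2 8k;

    # Request bodies larger than this are answered with 413.
    client_max_body_size 1k;

    server {
        listen 80;
        server_name example.com;
        root /var/www/example;

        # The method check from the post: anything other than GET or HEAD
        # gets 444, nginx's "close the connection without a response".
        if ($request_method !~ ^(GET|HEAD)$ ) { return 444; }

        location / {
            # Built-in alternative to the "if" check (location context only).
            # Allowing GET also allows HEAD; other methods receive 403.
            # limit_except GET { deny all; }
        }
    }
}
```

The body limit and the header buffers cover different parts of the request: client_max_body_size has no effect on how long the URI may be, and large_client_header_buffers has no effect on the body.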