Mercurial > hg > nginx

changeset 9275:199dc0d6b05b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added max_headers directive. The directive limits the number of request headers accepted from clients. While the total amount of headers is believed to be sufficiently limited by the existing buffer size limits (client_header_buffer_size and large_client_header_buffers), the additional limit on the number of headers might be beneficial to better protect backend servers. Requested by Maksim Yevmenkin.
author Maxim Dounin <mdounin@mdounin.ru>
date Fri, 24 May 2024 00:20:01 +0300
parents 46ecad404a29
children 5e7588d2d9cc
files src/http/ngx_http_core_module.c src/http/ngx_http_core_module.h src/http/ngx_http_request.c src/http/ngx_http_request.h src/http/v2/ngx_http_v2.c src/http/v3/ngx_http_v3_request.c
diffstat 6 files changed, 40 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_core_module.c	Wed May 15 10:06:00 2024 +0300
+++ b/src/http/ngx_http_core_module.c	Fri May 24 00:20:01 2024 +0300
@@ -252,6 +252,13 @@
       offsetof(ngx_http_core_srv_conf_t, large_client_header_buffers),
       NULL },
 
+    { ngx_string("max_headers"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_num_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_core_srv_conf_t, max_headers),
+      NULL },
+
     { ngx_string("ignore_invalid_headers"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
       ngx_conf_set_flag_slot,
@@ -3463,6 +3470,7 @@
     cscf->request_pool_size = NGX_CONF_UNSET_SIZE;
     cscf->client_header_timeout = NGX_CONF_UNSET_MSEC;
     cscf->client_header_buffer_size = NGX_CONF_UNSET_SIZE;
+    cscf->max_headers = NGX_CONF_UNSET_UINT;
     cscf->ignore_invalid_headers = NGX_CONF_UNSET;
     cscf->merge_slashes = NGX_CONF_UNSET;
     cscf->underscores_in_headers = NGX_CONF_UNSET;
@@ -3504,6 +3512,8 @@
         return NGX_CONF_ERROR;
     }
 
+    ngx_conf_merge_uint_value(conf->max_headers, prev->max_headers, 1000);
+
     ngx_conf_merge_value(conf->ignore_invalid_headers,
                               prev->ignore_invalid_headers, 1);
 
--- a/src/http/ngx_http_core_module.h	Wed May 15 10:06:00 2024 +0300
+++ b/src/http/ngx_http_core_module.h	Fri May 24 00:20:01 2024 +0300
@@ -198,6 +198,8 @@
 
     ngx_msec_t                  client_header_timeout;
 
+    ngx_uint_t                  max_headers;
+
     ngx_flag_t                  ignore_invalid_headers;
     ngx_flag_t                  merge_slashes;
     ngx_flag_t                  underscores_in_headers;
--- a/src/http/ngx_http_request.c	Wed May 15 10:06:00 2024 +0300
+++ b/src/http/ngx_http_request.c	Fri May 24 00:20:01 2024 +0300
@@ -1466,6 +1466,15 @@
 
             /* a header line has been parsed successfully */
 
+            if (r->headers_in.count++ >= cscf->max_headers) {
+                r->lingering_close = 1;
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "client sent too many header lines");
+                ngx_http_finalize_request(r,
+                                          NGX_HTTP_REQUEST_HEADER_TOO_LARGE);
+                break;
+            }
+
             h = ngx_list_push(&r->headers_in.headers);
             if (h == NULL) {
                 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
--- a/src/http/ngx_http_request.h	Wed May 15 10:06:00 2024 +0300
+++ b/src/http/ngx_http_request.h	Fri May 24 00:20:01 2024 +0300
@@ -182,6 +182,7 @@
 
 typedef struct {
     ngx_list_t                        headers;
+    ngx_uint_t                        count;
 
     ngx_table_elt_t                  *host;
     ngx_table_elt_t                  *connection;
--- a/src/http/v2/ngx_http_v2.c	Wed May 15 10:06:00 2024 +0300
+++ b/src/http/v2/ngx_http_v2.c	Fri May 24 00:20:01 2024 +0300
@@ -1814,6 +1814,15 @@
         }
 
     } else {
+        cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
+
+        if (r->headers_in.count++ >= cscf->max_headers) {
+            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                          "client sent too many header lines");
+            ngx_http_finalize_request(r, NGX_HTTP_REQUEST_HEADER_TOO_LARGE);
+            goto error;
+        }
+
         h = ngx_list_push(&r->headers_in.headers);
         if (h == NULL) {
             return ngx_http_v2_connection_error(h2c,
--- a/src/http/v3/ngx_http_v3_request.c	Wed May 15 10:06:00 2024 +0300
+++ b/src/http/v3/ngx_http_v3_request.c	Fri May 24 00:20:01 2024 +0300
@@ -657,6 +657,15 @@
         }
 
     } else {
+        cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
+
+        if (r->headers_in.count++ >= cscf->max_headers) {
+            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                          "client sent too many header lines");
+            ngx_http_finalize_request(r, NGX_HTTP_REQUEST_HEADER_TOO_LARGE);
+            return NGX_ERROR;
+        }
+
         h = ngx_list_push(&r->headers_in.headers);
         if (h == NULL) {
             ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);