Hello!
On Wed, Mar 07, 2012 at 10:09:38AM +0000, John Moore wrote:
> Is there some means of determining how many query parameters are being
> passed, by looking $args, say? There's a kind of DOS attack which can
> bring down Java based webapps which do binding of request parameters to
> properties, and it seems to me that nginx used as a remote proxy server
> could probably prevent this simply by rejecting requests which had more
> than x query parameters.
Something like
if ($args ~ "(?:[&;][^&;]*){50,}") {
return 403;
}
should do the trick.
Maxim Dounin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx