search

jvandal / modwsgi

Automatically exported from code.google.com/p/modwsgi
0 stars 0 forks source link

set LimitRequestBody to be a low value by default #206

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
To protect python applications, LimitRequestBody should be (by default) set to 
something like  to be a low value by default such as 10485760.

As per http://code.google.com/p/modwsgi/wiki/ConfigurationGuidelines
"If it is unknown if a WSGI application properly protects itself against such 
attempts to upload excessively large amounts of data, then the Apache 
LimitRequestBody directive can be used.

LimitRequestBody 1048576

The argument to the LimitRequestBody should be the maxumum number of bytes that 
should be allowed in the content of a request. "

I think 1048576 may be to low a default value.

Original issue reported on code.google.com by db.pub.m...@gmail.com on 31 Aug 2010 at 4:08

GoogleCodeExporter commented 8 years ago 
Erh Sorry I can't close this issue this is a duplicate of 207. I fixed a minor 
spelling mistake here when I was filling out the bug report and hit submit then 
esc then fixed the mistake and then re-submit. Sorry :)

Original comment by db.pub.m...@gmail.com on 31 Aug 2010 at 4:09

GoogleCodeExporter commented 8 years ago

Original comment by Graham.Dumpleton@gmail.com on 31 Aug 2010 at 4:23