sankarNarayanan / modwsgi

Automatically exported from code.google.com/p/modwsgi
0 stars 0 forks source link

set LimitRequestBody to be a low value by default #207

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
To protect python applications, LimitRequestBody should be (by default) set to 
something like  to be a low value by default such as 10485760.

As per http://code.google.com/p/modwsgi/wiki/ConfigurationGuidelines
"If it is unknown if a WSGI application properly protects itself against such 
attempts to upload excessively large amounts of data, then the Apache 
LimitRequestBody directive can be used.

LimitRequestBody 1048576

The argument to the LimitRequestBody should be the maximum number of bytes that 
should be allowed in the content of a request. "

I think 1048576 may be to low a default value. 

Original issue reported on code.google.com by db.pub.m...@gmail.com on 31 Aug 2010 at 4:08

GoogleCodeExporter commented 8 years ago
This is an Apache directive, not a mod_wsgi directive. The mod_wsgi package 
only uses what Apache provides and has no control over it.

If you want to push for there to be a default LimitRequestBody directive in 
presupplied Apache configuration files then you will need to take it up with 
the Apache Software Foundation for their predefined configuration files where 
people build Apache from source code themselves, and with all the separate 
different Linux distributions which ignore the ASF files and provide their own 
predefined files.

Original comment by Graham.Dumpleton@gmail.com on 31 Aug 2010 at 4:23