jplatte
commented
7 months ago This is something that hyper would handle. At the time a tower service or middleware gets access to a request, all the headers have been read already.
Also please don't open both an issue and a GitHub discussion about the same thing, pick the one that seems the most fitting.
Feature Request
Motivation
Prevent Axum servers from receiving oversized headers to mitigate resource consumption and potential security risks.
Proposal
Implement a configurable header size limit in the Axum framework that rejects requests with large headers during TCP stream parsing and disconnects the connection when exceeded.