From 281ef555c40cf292809ad10d623d0571fafc790e Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Sat, 11 Jun 2011 06:35:12 +0000
Subject: configurator: add client_max_header_size directive

Lowering this will lower worst-case memory usage and mitigate some
denial-of-service attacks.  This should be larger than
client_header_buffer_size.

The default value is carried over from Mongrel and Unicorn.
---
 lib/rainbows/http_server.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/rainbows/http_server.rb')

diff --git a/lib/rainbows/http_server.rb b/lib/rainbows/http_server.rb
index be02630..746d534 100644
--- a/lib/rainbows/http_server.rb
+++ b/lib/rainbows/http_server.rb
@@ -97,4 +97,8 @@ class Rainbows::HttpServer < Unicorn::HttpServer
   def keepalive_requests
     Unicorn::HttpRequest.keepalive_requests
   end
+
+  def client_max_header_size=(bytes)
+    Unicorn::HttpParser.max_header_len = bytes
+  end
 end
-- 
cgit v1.2.3-24-ge0c7