Thank you! That makes a lot of sense.
On Thu, Mar 12, 2015 at 11:15 AM, Maxim Dounin wrote:
> Hello!
>
> On Thu, Mar 12, 2015 at 11:01:46AM -0400, Max Rothman wrote:
>
> > Is there a way for nginx to verify that the Content-Length header isn't
> > exceeded by the ac
ctual body. Additionally, from my testing it appears that
nginx accepts
the entire request body regardless of what the Content-Length is set to. I
want to be able to defend against a potential slowloris-style attack where
all of my workers could get tied up with overly-large uploads.
Thanks,
M
