Merge pull request #8 from spaship/feat/request-header-size

feat(LimitRequestFieldSize): Set request header field size to 16kb.
spaship · Jun 2, 2021 · 40a9343 · 40a9343
2 parents 5ca8c57 + 1c41027
commit 40a9343
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/httpd.conf b/httpd.conf
@@ -121,6 +121,23 @@ ServerAdmin root@localhost
 #
 DocumentRoot "/var/www/html"
 
+#
+# LimitRequestFieldSize: This directive specifies the number of bytes that 
+# will be allowed in an HTTP request header. The LimitRequestFieldSize 
+# directive allows the server administrator to set the limit on the allowed 
+# size of an HTTP request header field. A server needs this value to be large 
+# enough to hold any one header field from a normal client request. The size 
+# of a normal request header field will vary greatly among different client 
+# implementations, often depending upon the extent to which a user has 
+# configured their browser to support detailed content negotiation. SPNEGO
+# authentication headers can be up to 12392 bytes.
+#
+# This directive gives the server administrator greater control over abnormal 
+# client request behavior, which may be useful for avoiding some forms of 
+# denial-of-service attacks.
+#
+LimitRequestFieldSize 16384 
+
 #
 # Relax access to content within /var/www.
 #