dumping large request header?
I'm seeing some error-messages like this:
2005-07-01 14:25:55.180 [NOTICE] [<IP>:3708-0] Http request header is too big, abandon!
Is there an option to dump such headers so I can have a look at them to see if it makes sense to rise the limit on them (8192 right now)?
There is no option to control that.
From what we had learned in the past about large request header, those are bad requests, some of them with too many "Host: xxxx" header in it. Don't know those are caused by a buggy client or intentional attacks.
I think 8192 is big enough, anything larger than that should be blocked, unless you have requests with very long URL.
If there are many requests from one IP, you may want to block it.
|All times are GMT -7. The time now is 10:01 AM.|