Opened 11 years ago
Last modified 5 years ago
#586 new enhancement
variable support for client_max_body_size
Reported by: | Tarek Ziade | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.7.x |
Keywords: | Cc: | ||
uname -a: | |||
nginx -V: | 1.7.0.1 |
Description
I would like to suggest adding nginx variable support to the client_max_body_size directive.
This would be quite useful to set this value dynamically.
Change History (8)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
Sure:
Using HTTPLuaModule, I am calling an external server (a web application firewall app) in a subrequest that will let me know the max body size depending on the query path.
The external app can offer a rich rules-based environment to deal with security, without having to restart and/or reconfigure all our Nginx servers. The values are slightly cached of course so we don't call the WAF server on every request.
comment:3 by , 11 years ago
Any use cases without 3rd-party modules? Your example will not work anyway, because the length is checked before lua code is executed.
comment:4 by , 11 years ago
the length is checked before lua code is executed.
In that case it defeats the purpose for me.
I am a bit confused though as this seemed possible, according to the OpenResty maintainer - https://groups.google.com/forum/#!topic/openresty-en/qgSjFSSDVrg
comment:5 by , 10 years ago
ngx_lua does not call the standard nginx request body reader before executing user Lua code. It is up to the user to decide when to actually read the request body (and even how to, the standard request body reader is just one option).
Speaking of the implementation for this feaure in the nginx core, the "complex value" of client_max_body_size can be evaluated at the time of the ngx_http_read_client_request_body call.
comment:6 by , 10 years ago
Ideally, this could be an internal feature on the level of the NGINX C API so that the 3rd-party module can use different limits for different requests on-the-fly. This is much more efficient than the nginx variable approach IMHO.
comment:7 by , 5 years ago
One use case without 3rd party modules:
Set client_max_body_size differently depending upon the result of the client certificate verification (allow higher value only when client cert has been verified)
comment:8 by , 5 years ago
Is there a simple workaround how to set a globaly and set it to a lower value in a certain domain?
I would like to solve this in the nginx config folder without having to recompile nginx.
Maybe you can solve this by defining an upstream
and use proxy_pass
to redirect at the right condition?
Could you provide use cases as well?