Security

limit_request_line

• --limit-request-line INT
• 4094

The maximum size of HTTP request line in bytes.

This parameter is used to limit the allowed size of a client’s HTTP request-line. Since the request-line consists of the HTTP method, URI, and protocol version, this directive places a restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that might be passed in the query part of a GET request. Value is a number from 0 (unlimited) to 8190.

This parameter can be used to prevent any DDOS attack.

limit_request_fields

• --limit-request-fields INT
• 100

Limit the number of HTTP headers fields in a request.

This parameter is used to limit the number of headers in a request to prevent DDOS attack. Used with the limit_request_field_size it allows more safety. By default this value is 100 and can’t be larger than 32768.

limit_request_field_size

• --limit-request-field_size INT
• 8190

Limit the allowed size of an HTTP request header field.

Value is a positive number or 0. Setting it to 0 will allow unlimited header field sizes.

Warning

Setting this parameter to a very high or unlimited value can open up for DDOS attacks.