From 9f1131f5972ba90c1c54c76cc97633447142b307 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Mon, 3 May 2010 15:19:53 -0700 Subject: add client_max_body_size config directive Since Rainbows! is supported when exposed directly to the Internet, administrators may want to limit the amount of data a user may upload in a single request body to prevent a denial-of-service via disk space exhaustion. This amount may be specified in bytes, the default limit being 1024*1024 bytes (1 megabyte). To override this default, a user may specify `client_max_body_size' in the Rainbows! block of their server config file: Rainbows! do client_max_body_size 10 * 1024 * 1024 end Clients that exceed the limit will get a "413 Request Entity Too Large" response if the request body is too large and the connection will close. For chunked requests, we have no choice but to interrupt during the client upload since we have no prior knowledge of the request body size.
---
t/t0103-rack-input-limit.sh | 60 +++++++++++++++++++++ t/t0104-rack-input-limit-tiny.sh | 62 ++++++++++++++++++++++ t/t0105-rack-input-limit-bigger.sh | 105 +++++++++++++++++++++++++++++++++++++ t/test-lib.sh | 1 + 4 files changed, 228 insertions(+) create mode 100755 t/t0103-rack-input-limit.sh create mode 100755 t/t0104-rack-input-limit-tiny.sh create mode 100755 t/t0105-rack-input-limit-bigger.sh (limited to 't')
diff --git a/t/t0103-rack-input-limit.sh b/t/t0103-rack-input-limit.sh
new file mode 100755
index 0000000..38dbd4c
--- /dev/null
+++ b/t/t0103-rack-input-limit.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+. ./test-lib.sh
+test -r random_blob || die "random_blob required, run with 'make $0'"
+
+t_plan 6 "rack.input client_max_body_size default"
+
+t_begin "setup and startup" && {
+ rtmpfiles curl_out curl_err cmbs_config
+ rainbows_setup $model
+ grep -v client_max_body_size < $unicorn_config > $cmbs_config
+ rainbows -D sha1-random-size.ru -c $cmbs_config
+ rainbows_wait_start
+}
+
+t_begin "regular request" && {
+ rm -f $ok
+ curl -vsSf -T random_blob -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ test -e $ok
+}
+
+t_begin "chunked request" && {
+ rm -f $ok
+ curl -vsSf -T- < random_blob -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ test -e $ok
+}
+
+t_begin "default size sha1 chunked" && {
+ blob_sha1=3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3
+ rm -f $ok
+ > $r_err
+ dd if=/dev/zero bs=1048576 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ test "$(cat $curl_out)" = $blob_sha1
+ dbgcat curl_err
+ dbgcat curl_out
+}
+
+t_begin "default size sha1 content-length" && {
+ blob_sha1=3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3
+ rm -f $ok
+ dd if=/dev/zero bs=1048576 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ test "$(cat $curl_out)" = $blob_sha1
+ dbgcat curl_err
+ dbgcat curl_out
+}
+
+t_begin "shutdown" && {
+ kill $rainbows_pid
+}
+
+t_done
diff --git a/t/t0104-rack-input-limit-tiny.sh b/t/t0104-rack-input-limit-tiny.sh
new file mode 100755
index 0000000..e68bc53
--- /dev/null
+++ b/t/t0104-rack-input-limit-tiny.sh
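Review bot: The rejection tests "regular request" and "chunked request" treat any curl failure as success, because `|| > $ok` fires the same way for a 413, a refused connection or a worker that died mid-request. For the Content-Length case, where the commit message promises a 413, I would also assert the status after the curl call, e.g. `grep '^< HTTP/1\.[01] 413' $curl_err`; the chunked case may end without a status line, so it probably needs a looser check. Both tests also rely on random_blob being larger than the 1 MiB default, which nothing in this file verifies. The same `|| > $ok` pattern is used by the "stops a ..." tests in t0104 and t0105.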
@@ -0,0 +1,62 @@
+#!/bin/sh
+. ./test-lib.sh
+test -r random_blob || die "random_blob required, run with 'make $0'"
+
+t_plan 6 "rack.input client_max_body_size tiny"
+
+t_begin "setup and startup" && {
+ rtmpfiles curl_out curl_err cmbs_config
+ rainbows_setup $model
+ sed -e 's/client_max_body_size.*/client_max_body_size 256/' \
+ < $unicorn_config > $cmbs_config
+ rainbows -D sha1-random-size.ru -c $cmbs_config
+ rainbows_wait_start
+}
+
+t_begin "stops a regular request" && {
+ rm -f $ok
+ dd if=/dev/zero bs=257 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ test -e $ok
+}
+
+t_begin "stops a large chunked request" && {
+ rm -f $ok
+ dd if=/dev/zero bs=257 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ test -e $ok
+}
+
+t_begin "small size sha1 chunked ok" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "small size sha1 content-length ok" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "shutdown" && {
+ kill $rainbows_pid
+}
+
+t_done
diff --git a/t/t0105-rack-input-limit-bigger.sh b/t/t0105-rack-input-limit-bigger.sh
new file mode 100755
index 0000000..6b58291
--- /dev/null
+++ b/t/t0105-rack-input-limit-bigger.sh
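Review bot: The `test -r random_blob || die ...` guard at the top makes this test depend on a file it never reads, since every request body here comes from `dd if=/dev/zero`. Dropping the guard, as t0105 already does, lets the test run without the `make` prerequisite. The `rm -f $ok` lines in the two "... ok" tests are likewise unused, because those tests neither create nor check `$ok`.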
@@ -0,0 +1,105 @@
+#!/bin/sh
+. ./test-lib.sh
+
+t_plan 10 "rack.input client_max_body_size bigger"
+
+t_begin "setup and startup" && {
+ rtmpfiles curl_out curl_err cmbs_config
+ rainbows_setup $model
+ sed -e 's/client_max_body_size.*/client_max_body_size 10485760/' \
+ < $unicorn_config > $cmbs_config
+ rainbows -D sha1-random-size.ru -c $cmbs_config
+ rainbows_wait_start
+}
+
+t_begin "stops a regular request" && {
+ rm -f $ok
+ dd if=/dev/zero bs=102485761 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ test -e $ok
+}
+
+t_begin "stops a large chunked request" && {
+ rm -f $ok
+ dd if=/dev/zero bs=102485761 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err || > $ok
+ dbgcat curl_err
+ dbgcat curl_out
+ test -e $ok
+}
+
+t_begin "small size sha1 chunked ok" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "small size sha1 content-length ok" && {
+ blob_sha1=b376885ac8452b6cbf9ced81b1080bfd570d9b91
+ rm -f $ok
+ dd if=/dev/zero bs=256 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "right size sha1 chunked ok" && {
+ blob_sha1=8c206a1a87599f532ce68675536f0b1546900d7a
+ rm -f $ok
+ dd if=/dev/zero bs=10485760 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "right size sha1 content-length ok" && {
+ blob_sha1=8c206a1a87599f532ce68675536f0b1546900d7a
+ rm -f $ok
+ dd if=/dev/zero bs=10485760 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "default size sha1 chunked ok" && {
+ blob_sha1=3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3
+ rm -f $ok
+ dd if=/dev/zero bs=1048576 count=1 | \
+ curl -vsSf -T- -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "default size sha1 content-length ok" && {
+ blob_sha1=3b71f43ff30f4b15b5cd85dd9e95ebc7e84eb5a3
+ rm -f $ok
+ dd if=/dev/zero bs=1048576 count=1 of=$tmp
+ curl -vsSf -T $tmp -H Expect: \
+ http://$listen/ > $curl_out 2> $curl_err
+ dbgcat curl_err
+ dbgcat curl_out
+ test "$(cat $curl_out)" = $blob_sha1
+}
+
+t_begin "shutdown" && {
+ kill $rainbows_pid
+}
+
+t_done
diff --git a/t/test-lib.sh b/t/test-lib.sh
index 5aa75b7..04ebeb1 100644
--- a/t/test-lib.sh
+++ b/t/test-lib.sh
@@ -113,6 +113,7 @@ EOF
 # boxes and sometimes sleep 1s in tests
 kato=5
 echo 'Rainbows! do'
+ echo " client_max_body_size nil"
 if test $# -ge 1
 then
 echo " use :$1"
-- cgit v1.2.3-24-ge0c7
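Review bot: `bs=102485761` in "stops a regular request" and "stops a large chunked request" looks like a typo for 10485761, the configured limit of 10485760 plus one byte. As written both tests upload roughly 98 MiB, so they do not probe the boundary just above the limit the way t0104 does with 257 against 256, and dd has to allocate a single block of that size. I would change both to `dd if=/dev/zero bs=10485761 count=1`, keeping `of=$tmp` in the first test and the pipe in the second.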
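Review bot: The added `echo " client_max_body_size nil"` has no comment saying that it changes the limit for every test that calls this setup code, or that t0103 to t0105 depend on this exact line for their `grep -v` and `sed` rewrites. I would put a comment above it such as `# no body size limit by default; t0103-t0105 rewrite or strip this line`. Assuming `nil` means "no limit" (not shown in this diff), the shipped 1 MiB default is then exercised only by t0103, which is worth stating there too. The enclosing function begins and ends outside the hunk.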