Re^3: newb: Best way to protect CGI from non-form invocation?

by Spidy (Chaplain)
on Feb 05, 2007 at 23:44 UTC


in reply to Re^2: newb: Best way to protect CGI from non-form invocation?
in thread newb: Best way to protect CGI from non-form invocation?

You should probably take a look at this. It has a lot of helpful tips, along with answering your question in the first entry.


Re^4: newb: Best way to protect CGI from non-form invocation?
by JCHallgren (Sexton) on Feb 06, 2007 at 00:55 UTC
    It was AFTER reading that section/page that I came up with my question! So it did NOT answer it, but helped cause question...as I'm not using CGI.pm, for various reasons (which experts here will likely disagree with) that I could not see how it would handle my data in the way that I needed to...so need some info on what methods might work when not using the standard routines, ok?

      CGI implements a $CGI::POST_MAX variable which sets an upper limit on the request size it'll handle. Look at that code and reimplement or copy it into yours.

      What it sounds more like you're in search of is being able to configure your web server to disallow requests over a certain size, but if it can be or how that is done is going to vary from httpd to httpd (for example, see LimitRequestBody for older Apachen).

        I looked at the POST_MAX code. It simply checks the ENV{CONTENT_LENGTH} against the POST_MAX value and returns a 413 error if larger. The problem with that solution is that the CGI script has ALREADY been passed the unneeded large data block, so handling it at server level seems to be a better approach.

        Based on your helpful pointer, I was able to get the host I use to add this directive to the allowed list. I have now added it at Directory level for my CGI folder and it works great to block undesired POST data over my specified size. THANKS much!
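
The script-level check discussed in this thread, written for a CGI script that does not use CGI.pm. This is an added example, not code from any poster or from CGI.pm itself; it complements, rather than replaces, the server-level LimitRequestBody directive the thread settled on. The limit value, the `fail` and `read_post_body` helper names, and the choice of 411/400 responses for missing or short bodies are assumptions.

```perl
#!/usr/bin/perl
# Added example: bounded POST reader for a hand-rolled CGI script.
use strict;
use warnings;

my $POST_MAX = 16 * 1024;   # assumed limit in bytes; size it to your form

# Emit a minimal CGI error response and stop.
sub fail {
    my ($status, $msg) = @_;
    print "Status: $status\r\nContent-Type: text/plain\r\n\r\n$msg\n";
    exit 0;
}

# Return the request body, refusing oversized requests before reading STDIN.
sub read_post_body {
    my $method = $ENV{REQUEST_METHOD} // '';
    fail('405 Method Not Allowed', 'POST only') unless $method eq 'POST';

    my $len = $ENV{CONTENT_LENGTH} // '';
    # Reject a missing or non-numeric length instead of treating it as 0.
    fail('411 Length Required', 'Content-Length required')
        unless $len =~ /\A\d+\z/;
    fail('413 Request Entity Too Large', 'POST too large')
        if $len > $POST_MAX;

    binmode STDIN;
    my ($body, $got) = ('', 0);
    # read() can return short counts, so loop until $len bytes or EOF.
    # Never read more than the declared (and already bounded) length.
    while ($got < $len) {
        my $n = read(STDIN, $body, $len - $got, $got);
        fail('400 Bad Request', 'read error') unless defined $n;
        last if $n == 0;    # client sent fewer bytes than it declared
        $got += $n;
    }
    fail('400 Bad Request', 'truncated body') if $got != $len;
    return $body;
}

my $body = read_post_body();
print "Content-Type: text/plain\r\n\r\n";
print "received ", length($body), " bytes\n";
```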
