Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re^3: newb: Best way to protect CGI from non-form invocation?

by Spidy (Chaplain)
on Feb 05, 2007 at 23:44 UTC ( #598454=note: print w/replies, xml ) Need Help??

in reply to Re^2: newb: Best way to protect CGI from non-form invocation?
in thread newb: Best way to protect CGI from non-form invocation?

You should probably take a look at this. It has a lot of helpful tips, along with answering your question in the first entry.
  • Comment on Re^3: newb: Best way to protect CGI from non-form invocation?

Replies are listed 'Best First'.
Re^4: newb: Best way to protect CGI from non-form invocation?
by JCHallgren (Sexton) on Feb 06, 2007 at 00:55 UTC
    It was AFTER reading that section/page that I came up with my question! So it did NOT answer it, but helped cause I'm not using CGI:pm, for various reasons (which experts here will likely disagree with) that I could not see how it would handle my data in the way that I needed need some info on what methods might work when not using the standard rountines, ok?

      CGI implements a $CGI::POST_MAX variable which sets an upper limit on the request size it'll handle. Look at that code and reimplement or copy it into yours.

      What it sounds more like you're in search of is being able to configure your web server to disallow requests over a certain size, but if it can be or how that is done is going to vary from httpd to httpd (for example, see LimitRequestBody for older Apachen).

        I looked at the POST_MAX code. It simply checks the ENV(CONTENT_LENGTH} against the POST_MAX value and returns a 413 error if larger. The problem with that solution is that the CGI script has ALREADY been passed the unneeded large data block, so handling it at server level seems to be a better approach.

        Based on your helpful pointer, I was able to get the host I use to add this directive to the allowed list. I have now added it at Directory level for my CGI folder and it works great to block undesired POST data over my specified size. THANKS much!

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://598454]
[robby_dobby]: This anonymonk's post reads weird to me
[robby_dobby]: Other than the content, that Chrome would not allow submitting code sounds like something funky going on there :P
[erix]: lazyness-driven inventio :)
[erix]: "the dog ate my homework"
[Eily]: looks more like "all my plates are broken and I don't understand why. Also I can't retrieve the broken parts because the elephant in the room is on the way"
[ambrus]: Eily: also webpages aren't displayed on my monitor no matter what I click with the mouse, and there's a blackout right now, could that be a problem?

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (10)
As of 2017-04-25 13:07 GMT
Find Nodes?
    Voting Booth?
    I'm a fool:

    Results (453 votes). Check out past polls.