SOLVED: Limit URL length with Dancer/Starman
by gsiems (Deacon) on Nov 07, 2013 at 21:05 UTC ( [id://1061626]=perlquestion )
gsiems has asked for the wisdom of the Perl Monks concerning the following question:

Brethren,

Using Apache, if I submit a way-too-long request URL the server will respond with a 414 "Request-URI Too Large" error. If I try submitting a way-too-long URL to my Dancer application it causes the worker process to go to 100% CPU and (within a few seconds) the request fails.

Is there a way to throw a 414 and avoid this behavior when Dancer is running under Starman?

Many thanks for your input.

Update:

The application is a restful service that supports multiple (read-only) web reporting applications and consists of one primary Perl module and several additional "business" modules (one business module for each web-app). The main module takes care of all the database access, rendering, etc. and the "business" modules define the routes and configuration for each of the web-apps and are 90+% configuration. Each route consists of the base URL for that route plus query parameters for filtering the data to be returned.

Because of the way things are built it makes it easy to add new "business" modules; it also seems to mean that adding a "it's too long" route to the beginning of the primary module doesn't work as it appears that it is not necessarily the first route checked.

So far the effort has been in building the routes, making them work, and ensuring that things are secure. Reading Blog post on hardening Perl's hash function reminded me that I should also be spending a bit more time on making things robust to intentionally bad input. Currently, valid input parameters are un-tainted prior to using and invalid input parameters get dropped on the floor-- but what happens if/when a valid route with hundreds/thousands of invalid parameters is submitted?

Adding a "it's too long" route to the beginning of the primary module appears to only work if the route submitted doesn't match any of the business routes-- as such, it doesn't catch the case of the way-too-many intentionally mischievous input parameters. It also only catches the "too-long-invalid-route" after it's spent however much time looking at it. I've tried using a "before hook" but I can't for the life of me figure out how to short-circuit the request at that point.
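
One way to reject such requests before any Dancer route or hook runs, as an added example that is not part of the original post: a plain PSGI middleware closure that returns 414 when the raw request URI or the number of query parameters exceeds a limit. The limits, the function name `limit_request_uri` and the stand-in inner app are assumptions for illustration.

```perl
use strict;
use warnings;

# Hypothetical limits; tune to the longest legitimate report URL.
my $MAX_URI_BYTES = 2048;
my $MAX_PARAMS    = 50;

# Plain PSGI middleware: wraps any PSGI app (e.g. the coderef that app.psgi
# hands to Starman) and answers 414 before the wrapped app sees the request.
sub limit_request_uri {
    my ($app) = @_;
    return sub {
        my $env = shift;
        # REQUEST_URI is the raw, undecoded request target; fall back to
        # path + query if the server did not set it.
        my $uri = $env->{REQUEST_URI};
        $uri = ($env->{PATH_INFO} // '') . '?' . ($env->{QUERY_STRING} // '')
            unless defined $uri;
        my $qs = $env->{QUERY_STRING} // '';
        # Count pairs by separator, without decoding or building a hash.
        my $params = length($qs) ? 1 + ($qs =~ tr/&;//) : 0;
        if (length($uri) > $MAX_URI_BYTES || $params > $MAX_PARAMS) {
            my $body = "Request-URI Too Large\n";
            return [ 414,
                     [ 'Content-Type'   => 'text/plain',
                       'Content-Length' => length($body) ],
                     [ $body ] ];
        }
        return $app->($env);
    };
}

# Stand-in for the Dancer application (constructed for this example).
my $inner = sub { [ 200, [ 'Content-Type' => 'text/plain' ], [ "report\n" ] ] };
my $app   = limit_request_uri($inner);

# Constructed requests: normal, over-long URI, and too many parameters.
my $many = join '&', map { "p$_=1" } 1 .. 200;
my @samples = (
    { REQUEST_URI => '/report?year=2013', QUERY_STRING => 'year=2013' },
    { REQUEST_URI => '/report?x=' . ('A' x 5000), QUERY_STRING => 'x=' . ('A' x 5000) },
    { REQUEST_URI => "/report?$many", QUERY_STRING => $many },
);
printf "%-20.20s -> %d\n", $_->{REQUEST_URI}, $app->($_)->[0] for @samples;
```

The check runs after Starman has parsed the request line, so it bounds the work done in Dancer's routing and parameter handling, not in the server's own header parsing.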