Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Header too large

On 01/02/2025 17:38, Greg Wilkins wrote:
John,

It is always difficult with bad requests to know what info should be logged and/or included in error messages and exceptions.   If it is the header name itself that is large, then logging it may become a DOS vector as it can fill up file systems etc.  Then they can include bad characters that can be some form of other attack as well.

Thus we tend to avoid including user provided data in warnings.   We still do in some places, but over time we get security warnings about them and remove them.

Ah, OK, I see. Thanks.

--
John English

--
This email has been checked for viruses by AVG antivirus software.
www.avg.com


Back to the top