[Zope-Checkins] CVS: Packages/Zope/Startup - handlers.py:1.6.2.15 zopeschema.xml:1.7.2.17

Andreas Jung andreas at andreas-jung.com
Sat Nov 27 03:24:59 EST 2004


Update of /cvs-repository/Packages/Zope/Startup
In directory cvs.zope.org:/tmp/cvs-serv21239/lib/python/Zope/Startup

Modified Files:
      Tag: Zope-2_7-branch
	handlers.py zopeschema.xml 
Log Message:

      - Collector #1003: added new 'http-header-max-length' directive
        to zope.conf to specific the maximum length of a HTTP request
        header before it is considered as a possible DoS attack and
        discarded.


=== Packages/Zope/Startup/handlers.py 1.6.2.14 => 1.6.2.15 ===
--- Packages/Zope/Startup/handlers.py:1.6.2.14	Fri Nov 26 07:07:24 2004
+++ Packages/Zope/Startup/handlers.py	Sat Nov 27 03:24:29 2004
@@ -113,11 +113,12 @@
     import ZServer
     ZServer.CONNECTION_LIMIT = value
 
-
 def cgi_maxlen(value):
     import cgi
     cgi.maxlen = value
 
+def http_header_max_length(value):
+    return value
 
 # server handlers
 


=== Packages/Zope/Startup/zopeschema.xml 1.7.2.16 => 1.7.2.17 ===
--- Packages/Zope/Startup/zopeschema.xml:1.7.2.16	Fri Nov 26 07:07:24 2004
+++ Packages/Zope/Startup/zopeschema.xml	Sat Nov 27 03:24:29 2004
@@ -538,6 +538,12 @@
     </description>
   </key>
 
+  <key name="http-header-max-length" default="8192" handler="http_header_max_length" datatype="integer">
+    <description>
+     Maximum size of received HTTP header being processed by Zope
+    </description>
+  </key>
+
   <key name="automatically-quote-dtml-request-data" datatype="boolean"
        default="on" handler="automatically_quote_dtml_request_data">
      <description>



More information about the Zope-Checkins mailing list