WSGI question: reading headers before message body has been read
Diez B. Roggisch
deets at nospam.web.de
Sun Jan 18 20:29:38 CET 2009
Ron Garret schrieb:
> I'm writing a WSGI application and I would like to check the content-
> length header before reading the content to make sure that the content
> is not too big in order to prevent denial-of-service attacks. So I do
> something like this:
>
> def application(environ, start_response):
> status = "200 OK"
> headers = [('Content-Type', 'text/html'), ]
> start_response(status, headers)
> if int(environ['CONTENT_LENGTH'])>1000: return 'File too big'
>
> But this doesn't seem to work. If I upload a huge file it still waits
> until the entire file has been uploaded before complaining that it's
> too big.
>
> Is it possible to read the HTTP headers in WSGI before the request
> body has been read?
AFAIK that is nothing that WSGI defines - it's an implementation-detail
of your server. Which one do you use?
Diez
More information about the Python-list
mailing list