WSGI question: reading headers before message body has been read

Diez B. Roggisch deets at nospam.web.de
Sun Jan 18 20:29:38 CET 2009


Ron Garret schrieb:
> I'm writing a WSGI application and I would like to check the content-
> length header before reading the content to make sure that the content
> is not too big in order to prevent denial-of-service attacks.  So I do
> something like this:
> 
> def application(environ, start_response):
>     status = "200 OK"
>     headers = [('Content-Type', 'text/html'), ]
>     start_response(status, headers)
>     if int(environ['CONTENT_LENGTH'])>1000: return 'File too big'
> 
> But this doesn't seem to work.  If I upload a huge file it still waits
> until the entire file has been uploaded before complaining that it's
> too big.
> 
> Is it possible to read the HTTP headers in WSGI before the request
> body has been read?

AFAIK that is nothing that WSGI defines - it's an implementation-detail 
of your server. Which one do you use?

Diez



More information about the Python-list mailing list