Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Early rejection for requests exceeding configured maxRequestLength #5880

Closed
yzfeng2020 opened this issue Aug 21, 2024 · 0 comments · Fixed by #6032
Closed

Early rejection for requests exceeding configured maxRequestLength #5880

yzfeng2020 opened this issue Aug 21, 2024 · 0 comments · Fixed by #6032
Labels
defect
Milestone
1.32.0

Comments

@yzfeng2020
Copy link
Contributor

yzfeng2020 commented Aug 21, 2024
edited
Loading

It is is possible to implement early rejection of HTTP requests when the Content-Length header indicates a value larger than the maximum configured request length. This would be beneficial to avoid unnecessary processing of oversized requests.

The relevant code section is located at

armeria/core/src/main/java/com/linecorp/armeria/server/Http1RequestDecoder.java

Lines 211 to 226 in d30dff0

if (contentLengthStr != null) {
long contentLength;
try {
contentLength = Long.parseLong(contentLengthStr);
} catch (NumberFormatException ignored) {
contentLength = -1;
}
if (contentLength < 0) {
fail(id, headers, HttpStatus.BAD_REQUEST, "Invalid content length", null);
return;
}
contentEmpty = contentLength == 0;
} else {
contentEmpty = true;
}
for H1 and

armeria/core/src/main/java/com/linecorp/armeria/server/Http2RequestDecoder.java

Lines 167 to 180 in d30dff0

final String contentLengthStr = headers.get(HttpHeaderNames.CONTENT_LENGTH);
if (contentLengthStr != null) {
long contentLength;
try {
contentLength = Long.parseLong(contentLengthStr);
} catch (NumberFormatException ignored) {
contentLength = -1;
}
if (contentLength < 0) {
writeErrorResponse(streamId, headers, HttpStatus.BAD_REQUEST,
"Invalid content length", null);
return;
}
}
for H2.

discord discussion: https://discord.com/channels/1087271586832318494/1087272728177942629/1275651316034699327
@ikhoon ikhoon added this to the 1.31.0 milestone Sep 12, 2024
@ikhoon ikhoon added the defect label Sep 12, 2024
@jrhee17 jrhee17 modified the milestones: 1.31.0, 1.32.0 Nov 7, 2024
@yzfeng2020 yzfeng2020 mentioned this issue Dec 12, 2024
Merged
@minwoox minwoox closed this as completed in 1157370 Jan 9, 2025
ikhoon pushed a commit that referenced this issue Jan 14, 2025
@yzfeng2020 @ikhoon
Early Rejection of Large Requests Based on Content-Length Header (#6032)
e034537 
Motivation:

 Currently, large requests are rejected only after the transferred bytes exceed the configured limit. This behavior is sub-optimal for requests that include a valid Content-Length header indicating the request is already too large. By rejecting such requests earlier—when the header is read—we can improve resource utilization and reduce unnecessary processing.

Modifications:

- Added a field to ContentTooLargeException to indicate when the exception is raised during header processing.
- Implemented content-length-based early rejection in Http1ObjectDecoder and Http2ObjectDecoder.
Result:


Result:

- Closes #5880
- Requests with a Content-Length header exceeding the allowed limit can now be rejected early in the request flow, reducing wasted resources and improving efficiency.

<!--
Visit this URL to learn more about how to write a pull request description:
https://armeria.dev/community/developer-guide#how-to-write-pull-request-description
-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect
Projects
None yet
Milestone
1.32.0
Development

Successfully merging a pull request may close this issue.

Early Rejection of Large Requests Based on Content-Length Header yzfeng2020/armeria
3 participants
@ikhoon @jrhee17 @yzfeng2020