java - HTTP server: what to do if header received is too long? How to manage streams? -
i have made http server, , here questions. let's - when server receiving http header - counting data received size. if hacker trying send let's header 100 mb, , server configured accept 1 mb header - how proceed in situation? can close connection, or break loop , send response error code:
bufferedinputstream = new bufferedinputstream(socket.getinputstream(), 2048); int read; while ((read = is.read(bufferdata, 0, 2048)) != -1) { //if header long - do? break , close connection or break , send response? } if stop receiving data (while client still transmitting) - , begin write date outputstream - happen?
you should send http error. recommend status code 400: bad request or status code 431 (credit julian below pointing 1 out). use integer in loop keep track , make sure haven't run on limit.
to handle this, stop reading data. typically want close streams throw exception break out of loop , in catch block send error code. handle closing connections in block.
Comments
Post a Comment