Increase Header size limit or add Cookie option: Getting [fatal] header is too large #218
Comments
|
This is the first time that's come up. I picked that limit in 1999 so it's
entirely possible the standard I was working from at the time has changed
since then. To get yourself running until I develop a permanent solution,
you can expand the buffer here:
setup.h:194
char extra[2048]; /* extra http request headers */
Then extend that if check in main.c to match
…On Fri, Jan 13, 2023 at 10:20 AM dcoracle ***@***.***> wrote:
Our organization uses cookie session headers that are larger than the
current header limit that siege has.
Looking at one of our payloads, it is just shy of 3500 where siege has it
set at 2048.
Suggest either increasing header limit or create a new option just for
Cookies since it is often larger than 2048
In src/main.c:
if((strlen(optarg) + strlen(my.extra) + 3) > 2048)
NOTIFY(FATAL, "header is too large");
—
Reply to this email directly, view it on GitHub
<#218>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABJRHZRWSHEADH4AGDIMPLTWSFXCDANCNFSM6AAAAAAT2QV6RQ>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
--
Jeff Fulmer
1-717-799-8226
https://www.joedog.org/
He codes
|
|
Thanks for the quick response and for the suggestion! |
|
Quickly looking at SO, the standard seems to leave it up to implementation. 8K seems like a good practical limit: https://stackoverflow.com/questions/686217/maximum-on-http-header-values |
|
Awesome, thanks!
…On Fri, Jan 13, 2023 at 11:23 AM dcoracle ***@***.***> wrote:
Quickly looking at SO, the standard seems to leave it up to
implementation. 8K seems like a good practical minimum:
https://stackoverflow.com/questions/686217/maximum-on-http-header-values
—
Reply to this email directly, view it on GitHub
<#218 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABJRHZVEZUZD7AKMIKXDS6LWSF6QHANCNFSM6AAAAAAT2QV6RQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
Jeff Fulmer
1-717-799-8226
https://www.joedog.org/
He codes
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Our organization uses cookie session headers that are larger than the current header limit that siege has.
Looking at one of our payloads, it is just shy of 3500 where siege has it set at 2048.
Suggest either increasing header limit or create a new option just for Cookies since it is often larger than 2048
In src/main.c:
The text was updated successfully, but these errors were encountered: