доза: ограничьте прочитанный размер тела
This commit is contained in:
parent
7f7d10aeee
commit
a23abebab3
GPG key ID:
B97F30FDC4636357
1 changed files with 8 additions and 4 deletions
|
|
@ -13,6 +13,8 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const MAX_SIZE = 2 ^ 16 // 65kb
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
proxy := &httputil.ReverseProxy{
|
proxy := &httputil.ReverseProxy{
|
||||||
Rewrite: func(r *httputil.ProxyRequest) {
|
Rewrite: func(r *httputil.ProxyRequest) {
|
||||||
|
|
@ -39,15 +41,17 @@ func main() {
|
||||||
// Read response body into data. If body is encoded, decode it.
|
// Read response body into data. If body is encoded, decode it.
|
||||||
var data []byte
|
var data []byte
|
||||||
|
|
||||||
|
// Limit body size to prevent self-DOS
|
||||||
|
bodyReader := io.LimitReader(r.Body, MAX_SIZE)
|
||||||
switch r.Header.Get("Content-Encoding") {
|
switch r.Header.Get("Content-Encoding") {
|
||||||
case "gzip":
|
case "gzip":
|
||||||
reader, _ := gzip.NewReader(r.Body)
|
reader, _ := gzip.NewReader(bodyReader)
|
||||||
data, _ = io.ReadAll(reader)
|
data, _ = io.ReadAll(reader)
|
||||||
r.Body.Close()
|
reader.Close()
|
||||||
default:
|
default:
|
||||||
data, _ = io.ReadAll(r.Body)
|
data, _ = io.ReadAll(bodyReader)
|
||||||
r.Body.Close()
|
|
||||||
}
|
}
|
||||||
|
r.Body.Close()
|
||||||
|
|
||||||
// Rewrite 30x redirect location
|
// Rewrite 30x redirect location
|
||||||
locHeader := r.Header.Get("Location")
|
locHeader := r.Header.Get("Location")
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue