V2 equivalent for v1 'limits' directive?

Is there a v2 Caddyfile equivalent to the v1 limits directive?

v2 is capable of an equivalent, but after a quick look I think this might not be possible with just the Caddyfile right now.

One way exists in JSON (there a request_body handler that limits the request body size as it will be read by any handlers that follow it). This isn’t 100% equivalent with the v1 limits directive as described, though: JSON Config Structure - Caddy Documentation

Yeah, looking into this further - you might be able to match on the value of the Content-Length header and use a CEL expression matcher to compare it against your defined limit. Respond with a Status 413 for requests that have a larger body.

This should work for honest clients, but it’s essentially relying on self-reporting the body length accurately, so malicious clients or even just inaccurate clients could cause issues there.

The v1 limits directive, I understand, actually just wrapped the request reader and produced an error as soon as it read more than the limit was set to. As mentioned, the request_body HTTP handler available in JSON configuration acts similarly.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.