Skip to content

Commit 61618d9

Browse files
atomic111chris-rock
atomic111
authored and
chris-rock
committed
add attribute client_body_buffer_size
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
1 parent 5b5d978 commit 61618d9

File tree

1 file changed

+9
-3
lines changed

1 file changed

+9
-3
lines changed

controls/nginx_spec.rb

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,13 @@
2323
# attributes
2424
CLIENT_MAX_BODY_SIZE = attribute(
2525
'client_max_body_size',
26-
description: ' Sets the maximum allowed size of the client request body, specified in the “Content-Length” request header field. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client. Please be aware that browsers cannot correctly display this error. Setting size to 0 disables checking of client request body size. ',
26+
description: ' Sets the maximum allowed size of the client request body, specified in the “Content-Length” request header field. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client. Please be aware that browsers cannot correctly display this error. Setting size to 0 disables checking of client request body size.',
27+
default: '1k'
28+
)
29+
30+
CLIENT_BODY_BUFFER_SIZE = attribute(
31+
'client_body_buffer_size',
32+
description: ' Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file. By default, buffer size is equal to two memory pages. This is 8K on x86, other 32-bit platforms, and x86-64. It is usually 16K on other 64-bit platforms.',
2733
default: '1k'
2834
)
2935

@@ -119,10 +125,10 @@
119125
title 'Prevent buffer overflow attacks'
120126
desc 'Buffer overflow attacks are made possible by writing data to a buffer and exceeding that buffer boundary and overwriting memory fragments of a process. To prevent this in nginx we can set buffer size limitations for all clients.'
121127
describe parse_config_file(nginx_conf, options) do
122-
its('client_body_buffer_size') { should eq CLIENT_MAX_BODY_SIZE }
128+
its('client_body_buffer_size') { should eq CLIENT_BODY_BUFFER_SIZE }
123129
end
124130
describe parse_config_file(nginx_conf, options) do
125-
its('client_max_body_size') { should eq '1k' }
131+
its('client_max_body_size') { should eq CLIENT_MAX_BODY_SIZE }
126132
end
127133
describe parse_config_file(nginx_hardening, options) do
128134
its('client_header_buffer_size') { should eq '1k' }

0 commit comments

Comments
 (0)