Security
limit_request_line
--limit-request-line INT
4094
The maximum size of HTTP request line in bytes.
This parameter is used to limit the allowed size of a client’s HTTP request-line. Since the request-line consists of the HTTP method, URI, and protocol version, this directive places a restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that might be passed in the query part of a GET request. Value is a number from 0 (unlimited) to 8190.
This parameter can be used to prevent any DDOS attack.
limit_request_fields
--limit-request-fields INT
100
Limit the number of HTTP headers fields in a request.
This parameter is used to limit the number of headers in a request to prevent DDOS attack. Used with the limit_request_field_size it allows more safety. By default this value is 100 and can’t be larger than 32768.
limit_request_field_size
--limit-request-field_size INT
8190
Limit the allowed size of an HTTP request header field.
Value is a positive number or 0. Setting it to 0 will allow unlimited header field sizes.
Warning
Setting this parameter to a very high or unlimited value can open up for DDOS attacks.