On 22 May 2013, at 2:47 PM, Yann Ylavic <[email protected]> wrote:
> Well, one could inject arbitrary data in this room (with no LF), bypassing > LimitRequestBody (which does not count chunks separators), and eat resources. > This opens doors, as often when a protocol is not checked carefully… Again, this matches the previous filter behaviour, and changing this is a separate discussion. All line lengths including the one you're referring to are constrained by LimitRequestFieldSize, so to say that the protocol is unconstrained is false. Regards, Graham --
