Now you able to use existed type instance or factory method to create and customize class during in-code configuration.
E.g.:
>>> settings.set('worker_class', MyWorkerClass)
>>> settings.set('worker_class', lambda: MyWorkerClass)
All other formats still valid.
We were supposed to handled the upgrade header there but the way we
extend the default headers imply we were sending 2 connections headers.
Instead we are now testing if the upgrade header is present and keep it.
Intoduce a change in log access format:
- request headers are now added to the log format using the
{HeaderName}i variable
- response headers are now handled using the {HeaderName}o variables
- headers name are insensitive
- non existent keys in the log access format are replaced by '-'
Add --limit-request-fields (limit_request_fields) and
--limit-request-field-size (limit-request-field-size) options.
- limit_request_fields:
Value is a number from 0 (unlimited) to 32768. This parameter is
used to limit the number of headers in a request to prevent DDOS
attack. Used with the `limit_request_field_size` it allows more
safety.
- limit_request_field_size:
Value is a number from 0 (unlimited) to 8190. to set the limit
on the allowed size of an HTTP request header field.
You can now pass the parameter --limit-request-line or set the
limit_request_line in your configuration file to set the max size of the
request line in bytes.
This parameter is used to limit the allowed size of a client's HTTP
request-line. Since the request-line consists of the HTTP method, URI,
and protocol version, this directive places a restriction on the length
of a request-URI allowed for a request on the server. A server needs
this value to be large enough to hold any of its resource names,
including any information that might be passed in the query part of a
GET request. By default this value is 4094 and can't be larger than
8190.
This parameter can be used to prevent any DDOS attack.
When the path starts with //, urlsplit considers it as a relative uri
while the RDF says it shouldnt (
http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2).
While I'm remove unncessary tests on netloc. The path never contains a
netloc or port.
