Add --limit-request-fields (limit_request_fields) and
--limit-request-field-size (limit-request-field-size) options.
- limit_request_fields:
Value is a number from 0 (unlimited) to 32768. This parameter is
used to limit the number of headers in a request to prevent DDOS
attack. Used with the `limit_request_field_size` it allows more
safety.
- limit_request_field_size:
Value is a number from 0 (unlimited) to 8190. to set the limit
on the allowed size of an HTTP request header field.
You can now pass the parameter --limit-request-line or set the
limit_request_line in your configuration file to set the max size of the
request line in bytes.
This parameter is used to limit the allowed size of a client's HTTP
request-line. Since the request-line consists of the HTTP method, URI,
and protocol version, this directive places a restriction on the length
of a request-URI allowed for a request on the server. A server needs
this value to be large enough to hold any of its resource names,
including any information that might be passed in the query part of a
GET request. By default this value is 4094 and can't be larger than
8190.
This parameter can be used to prevent any DDOS attack.
When the path starts with //, urlsplit considers it as a relative uri
while the RDF says it shouldnt (
http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2).
While I'm remove unncessary tests on netloc. The path never contains a
netloc or port.
- handle new way to launch applications in django 1.4
- simplify the way we discover the project path and settings
- add --pythonpath & --settings options for django applications
- still compatible with older versions (>=1.1)
-handle DJANGO_SETTINGS_MODULE env.
close#283, #275, #274, #241
Without this, tornado.web.Application instances could be used as
a gunicorn application, but running a standard wsgi callback under
the tornado worker would fail.
``self.wsgi`` is the property that may be a tornado.web.Application.
The transformed application, whether originally tornado.web.Application
or a WSGI callable, should be the argument to HTTPServer.
Also, it's probably poor form to be mutating the properties of ``self``
here when a local variable suffices.
The standard logger uses locking functions which are NOT guaranteed to
be re-entrant [1], so this could (potentially) result in deadlock or a
crash.
[1] http://docs.python.org/library/logging.html Section 15.7.8.
This prevents weird things from happening when log.critical is called
in a non-except context. Typically it would result in either 'None'
or the last exception being logged, neither of which is desirable.
