Reject requests in HTTP.jl server based on memory usage

Just chiming in to say that you certainly could use the “middleware” approach to handle a scenario where a client tries to send a request w/ like, a 10GB request body. The general approach here would be:

  • Define a streaming middleware (which has the form f(::HTTP.Stream) -> Nothing, instead of the higher-level request middleware which has the form f(::Request) -> Response))
  • In the streaming middleware, you would call startread(::Stream), which returns once the headers have been received on the request
  • Then check the Content-Length header to see if the request body is going to be over some max limit you’ve set for your server
  • If the request body is too large, you can reject and close the stream immediately (returning a 413 is traditional), to ensure the actual large body isn’t read into memory or allowed to affect the server.

I’ve wanted to include something like this in HTTP as a sort of “default middleware” people could use, but haven’t gotten around to it. If someone wants to pick it up and make a PR, I’d be happy to review/merge.

3 Likes